DarkSide gang lost access to its servers

The DarkSide cyber gang, responsible for many ransomware attacks provided "as-a-service", announced its shutdown after losing control of its servers. The gang claims that its servers were seized and that the cryptocurrency was transferred from its account to an unknown wallet. This was claimed in a message posted in the Russian OSINT Telegram channel and also on the cyber gang's website. Addendum: An analysis showed that the gang collected $17.5 million in ransom.


After the successful cyber attack on Colonial Pipeline (see my article Ransomware attack on US pipeline operator (May 2021)), US President Joe Biden announced that they would disrupt the DarkSide gang. Now the DarkSide ransomware group seems to have lost control over its servers.

DarkSide gang lost access to its servers

Threat intelligence analyst Dmitry Smilyanets from Recorded Future found a post (see the Tweet above), left by Darkside ransomware operator Darksupp on Exploit Forum, which says (translated):

Since the first version, we have promised to speak honestly and openly about problems.

A few hours ago, we lost access to the public part of our infrastructure, namely:


Payment server

SDN server

Now these servers are not available via SSH, and the hosting panels are blocked. Hosting support, except for the information "At the request of law enforcement bodies", does not give other information.

Also, a few hours after the withdrawal, funds from the payment server (ours and clients') were sent to an unknown address.

The Record writes that President Biden said in a press conference on Thursday: "We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks. We are also going to pursue a measure to disrupt their ability to operate." But The Record also wrote that the DarkSide group could have used Biden's statement to announce a shutdown of its infrastructure, claim the payments and run away (exit scam).

Further details may be read at The Record, Bleeping Computer and Krebs on Security. Addendum: An analysis published on this website showed that the Bitcoin wallet used by DarkSide received a total of $17.5 million in Bitcoin transactions since March. This includes a payment of 75 Bitcoins by Colonial Pipeline.

