Darkside is now inaccessible.
The servers of the hacker group behind the cyberattack targeting US oil pipeline operator Colonial Pipeline last week have been taken offline, cybersecurity firm Recorded Future said on Friday.
According to the company, the hacker who demanded a ransom from Colonial Pipeline admitted that Darkside had lost access to several of the servers the group uses to host their blog or to get paid.
Accessible by the TOR browser on the dark web, the underground version of the internet, the Darkside site was inaccessible on Friday morning.
Wonderbox, victim of a cyberattack
Less known than the rival cybergangs, Egregor or REvil, the Darkside group began to be talked about last summer.
It operates like its competitors a "ransomware-as-a-service", that is to say that the malicious software, developed by them and which encrypts the victim's files, is rented by affiliates who donate a part of their booty after an extortion.
Read alsoHackers try to extort Wonderbox in exchange for stolen data
They usually hunt large companies that may be able to pay the hundreds of thousands of dollars claimed in virtual currencies. Thus, the specialist in gift boxes Wonderbox had also been the subject of an attempted ransomware cyberattack on January 30, 2021. According to the company, “the intrusion concerned 'the PC of an employee' and not its servers.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/WQEEUVRP3BB57M7LND37U7VREE.png)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/KMEYMJKESBAZBE4MRBAM4TGHIQ.jpg)
