
Colonial Pipeline Ransomware Group Loses Control of Critical Server Infrastructure



The criminals are shutting down their operations.


The criminals associated with the DarkSide ransomware attack responsible for crippling fuel deliveries and soaring fuel prices in the US have revealed that their “servers were seized” and money transferred to an “unknown account.”

DarkSide Ransomware-as-a-Service Ceases Operations

The DarkSide ransomware attack on the Colonial Pipeline has caused massive disruption across the US. The pipeline carries refined oil products some 5,500 miles across the country, moving around 3 million barrels of oil between Texas and New York per day and accounting for around 45 percent of the East Coast’s fuel supply.

The ransomware attack knocked the critical pipeline offline, sparking frantic scenes as citizens rushed to fill all manner of containers with fuel in anticipation of shortages, forcing gas prices as high as $3 per gallon, the highest seen since 2014.

Furthermore, Colonial announced that it had paid the ransomware operator a $5 million ransom to receive a decryption tool but still had to resort to “traditional” data recovery as the ransomware firm didn’t respond fast enough. Although that sounds like a win-win scenario for a ransomware firm, other victims may refuse to pay a ransom if they think the firm won’t provide help afterward.

Now, in a turn of events, the ransomware-as-a-service operators informed their affiliates that they had lost control of a significant portion of the ransomware network itself, including payment servers, along with funds that have been transferred to other inaccessible accounts.

The post was made on a Russian crime forum, though cybersecurity companies monitoring the case, such as FireEye’s Mandiant, have raised suspicions regarding the sudden announcements.

The post cited law enforcement pressure and pressure from the United States for this decision. @Mandiant has not independently validated these claims and there is some speculation by other actors that this could be an exit scam. (3/3)

— FireEye (@FireEye) May 14, 2021

Not only is the timing highly suspicious, but it fits with other ransomware-as-a-service operations seen previously. After a successful score, the service drops off the map for a while, resurfacing at a later date with a fresh target.

However, the announcement did come with a small bonus for other victims of the same ransomware. Before shutting up shop, the ransomware operator will provide decryptors to anyone who hasn’t yet paid a ransom, fitting in with the operator’s earlier message that they’re only in it for the money, not to cause actual disruption and damage to property.

Noble as that is, the damage for many people is already done.

Ransomware as a Service Keeps Criminal Activity Agile

Ransomware remains a scourge, with victims facing the eternal battle between paying up to decrypt and recover files, all the while knowing that those funds are fuelling criminal activities.

In this case, Colonial felt that there was no choice but to pay to receive a decryptor—even if that process failed.

Many companies want ransomware payments banned, stating that payment only encourages criminals to perform more attacks. But while attacks continue and governments, businesses, and utilities suffer, the payment of ransoms must surely be made on a case-by-case basis.




About The Author

Gavin Phillips

Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and a regular product reviewer. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football.
