Darkside is gone, but Who did it?

darkside-ransomware-keyboard

On may 14th, 2021, a message from a cybercrime forum believed to be from Darkside Admin read.

A few hours ago, we lost access to the public part infrastructure namely the:

Blog.

Payment Server.

DOS Servers.

Now these servers are unavailable by SSH, the hosting panels are blocked. Hosting support, apart from  information “at the request of law enforcement agencies,” does not provide any other information.

Also a few hours after the withdrawl, funds from the payment server (ours and clients’) were withdrawn to an unknown address.

An analysis of dark web communications tells, Darkside RAAS infra is offline along with another website related to them used by the criminal gang to pressure victims by naming and shaming during extortion negotiations.

A day before, President Biden said in a White House press conference, that countries harbouring ransomware networks must take action to shut them down.

As even the naive knows Darkside, like its cousin Revil is believed to have roots in Russia. The big question that remains unanswered is, who or what forced Darkside to shut down and as a number of theories are doing the round over internet, we will discuss few of them to find out it they may be true.

1. Darkside Shutdown is an Exit Scam

Many of the Security voices believe that it may be a plan to an exit scam after minting more than $9 million within a week in Ransom primarily to avoid paying affiliates and to blame it on a law enforcement operation. Also as heat from US and other (maybe Russia) law enforcement agencies increases, it’s a good idea to shut the shop before resurfacing with a different identity. 

2. Kremlin Pulled the Plug

As the affiliate program was becoming more of an embarrassment to Russia, they choose to pull the plug. Well of course this theory makes a lot of sense especially after Dmitry Peskov , A spokesman for Russian President Vladimir Putin, told reporters last week “Russia has nothing to do with these hacker attacks, and had nothing to do with the previous hacker attacks,”  “We categorically do not accept any accusations against us.”

3. Biden Led USA sent Darkside to the Gallows

Logically it makes a lot of sense, especially knowing the powerful presence that the US has, and the kind of resources they can put in hunting the adversaries. Further it came just a day after the President’s press conference.   

 What do we believe?

We can not be sure at this moment but with time and more information eventually we may be able to link things together for one of the theories. However it may not be long before they resurface with a different identity and a new code of conduct.

Further, it doesn’t mean that Ransomware will become any lesser threat. The attacks may only mount up so keep your guards up. A good way to keep you updated with all that’s latest in global cybersecurity will be to follow our weekly blog “The World This Week”