The DarkSide ransomware affiliate program, responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country, is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.
“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.
The affiliate posted lots of principled nice-guy comments about their plans and policies as part of the statement. The cyber intelligence firm Intel 471, commenting further on the whole affair, considers the statements mostly to be a smokescreen, an attempt to cover their butts.