Darkside Ransomware Gang Says It Lost Control of Its Servers, Money a Day After Biden Threat

A day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyberattack, the operator of the Darkside ransomware said the group lost control of its web servers and some of the funds it made from ransom payments. From a report: "A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers," said Darksupp, the operator of the Darkside ransomware, in a post spotted by Recorded Future threat intelligence analyst Dmitry Smilyanets. "Now these servers are unavailable via SSH, and the hosting panels are blocked," said the Darkside operator while also complaining that the web hosting provider refused to cooperate. In addition, the Darkside operator also reported that cryptocurrency funds were also withdrawn from the gang's payment server, which was hosting ransom payments made by victims. The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet, Darksupp said. This sudden development comes after US authorities announced their intention to go after the gang.

OK

[war4peace]

So what's going to happen with those funds, if the USA government snatched them? Will they go back to whoever paid them (in this case, Colonial Pipeline), or does the government keep it?

Re:OK

[grub]

I'm betting it is an exit scam to avoid paying their criminal affiliates.

Re:OK

[fahrbot-bot]

I'm betting it is an exit scam to avoid paying their criminal affiliates.

Or just someone in the gang, who had the passwords, got greedy, took the money and locked everything up to make it look like a takedown. Basically what you said, but more specific... Either way, won't the record in the crypto wallet show who withdrew the funds?

Re:OK

[grub]

No, the ledger will only show where it was sent to. If this crypto gets laundered through Monero or Zcash (or other anonymizing crypto), then that pretty much proves it wasn't the feds.

Re:

[NateFromMich]

No, the ledger will only show where it was sent to. If this crypto gets laundered through Monero or Zcash (or other anonymizing crypto), then that pretty much proves it wasn't the feds.

You're saying the Feds couldn't do that too?

Re:OK

[grub]

They don't need to. "We took your money and there's nothing you can do about it."

Re:OK

[F.Ultra]

Players like that want them to know it was them who took it.

Re:

[grub]

Sure, but in the past the feds have auctioned off crypto with no shenanigans. Just thinking Occam's Razor here.
/. doesn't allow editing or deleting of comments. Wonder if I'll read this in a year and feel dumb. :)

Re:

[tragedy]

They are hackers/crackers/whatever. Even when they're black hats, they have a tendency to talk about this stuff.

Re: OK

[Ronin Developer]

Like âoeVladâ in âoeGolden Eyeâ saidâ¦âI am IN- VINCE-ableââ¦right before he became a shattered icecycle.

Re:

[dryeo]

People get complacent, think they're invulnerable and talk too much. Some are just stupid, rob a bank and post photos on Facebook stupid.

Re:OK - follow the money

[vinn01]

Even if it gets laundered, it's gotta come out somewhere. The intelligence agencies are professionals at following money. If a random Russian housewife suddenly controls an account worth a few billion Rubles (millions USD), that's going to get noticed. Right now, any sudden changes of wealth is putting a bullseye on that person's forehead.

Re:OK

[timeOday]

I wouldn't be so sure? Kidnapping somebody is easier than successfully collecting the ransom and making a clean getaway. This is going to be a very good test of how untraceable any of this stuff really is.

Re:

[Antique Geekmeister]

Especially since the various cryptocurrencies are designed to resist law enforcement tracing.

Re:

[cayenne8]

I wouldn't be so sure? Kidnapping somebody is easier than successfully collecting the ransom and making a clean getaway. This is going to be a very good test of how untraceable any of this stuff really is.

"Pop quiz, Hot Shot...."

Re:

[Gravis Zero]

That sounds like solid plan to get yourself murdered in Russia.

Re:

[fahrbot-bot]

That sounds like solid plan to get yourself murdered in Russia.

There are easier ways... just say something mean about Putin -- bonus points if it's also true -- or run against him in an election.

Re:

[arglebargle_xiv]

That was my reaction as well. It's standard practice for Russian malware operators to shut down like this, not even to avoid paying affiliates but just to start again with a clean slate somewhere else. Declare defeat, move the funds somewhere untouchable, and come back a week later under a new identity.

Re: OK

[e3m4n]

Colonial never paid. Also in question is if these are ransom payments or payments for the malware. Darkside claims to sell the ransomware to third parties. They tried to appease by saying high profile targets are never their intent and they would do a better job vetting their 3rd parties to ensure the targets are low profile. That seems to indicate that Darkside is not collecting ransoms but selling illegal software. In which case the US will use asset forfeiture to keep the funds.

Re:

[edis]

Colonial never paid.

This contradicts reports they did, and have received tool to recover their assets, albeit this was slow process.
https://it.slashdot.org/story/... [slashdot.org]

Re: OK

[e3m4n]

https://www.reuters.com/busine... [reuters.com]
Is it possible that the government fronted the money and found a way to trace the bitcoin back to the servers? Ive heard of things like that for kidnappings using regular money, to organize a sting operation. Everything a couple days ago was pointing straight to them rather reinstalling everything from old backups than pay a terrorist.

Re:

[Anonymous Coward]

Yep.. that's how it works. Embed code in the bitcoin hash, same method to deploy as a .jpg attack except you use an exploit that was embedded in the Crypto Wallet Manager. It's one way to take down the dark underworld.

Re:

[bill_mcgonigle]

Some insiders are saying fedgov paid and the amount was much, much higher than publicly disclosed.

If true, that would be sufficient reason to fold up shop and retire.

Re:

[nomadic]

"They tried to appease by saying high profile targets are never their intent and they would do a better job vetting their 3rd parties to ensure the targets are low profille"

Never quite understood this; did they think people were going to say "oh, alright then, carry on?"

Re:

[e3m4n]

Apparently. A show of faith would have been "this 3rd party violated our terms of contract. Here are the keys to decrypt the servers. We have ended all ties with this 3rd party" ... their statement fell well flat of that, hence the retribution they got. If this was a Mob of Mafia operation, the idiot that brought federal eyes on the deal would already have a bullet in his head.

Re:

[nomadic]

But even then they made ransomware. I mean there is literally no legitimate use of it.

Re: OK

[LinuxLuver]

Pretty much. If you pick on smaller targets with little political influence and relevance, the government won't devote resource to catching you. It's been working fine so far.

Re:

[Black Parrot]

So what's going to happen with those funds, if the USA government snatched them?

Probably will fund CIA black ops.

Re: OK

[dwater]

Probably it'll go to more Xinjiang or Hong Kong terrorists...or something anti-china.

Re:

[igreaterthanu]

There's no such thing as East Turkistan / Hong Kong terrorists.

Re:

[andymadigan]

You're assuming they're telling the truth. These are criminals who know that they now have to scatter after drawing far too much attention to themselves. There's a number of possibilities for what happened:

1. The group is lying, hoping that this story will get law enforcement off their backs
2. Some other hacking group stole the money and hacked the servers
3. A law enforcement agency seized the money and hacked the servers
4. Some members of the group stole the money (no honor among thieves)
5. The NSA hacked

Re:

[cayenne8]

Yeah. Because the US government is famous for giving back money it steals from people.

I dunno, I hear about people getting a tax refuld back from time to time...

LOL..thanks a lot, I'll be here all week!!

Make sure to tip your waitresses and bartenders.

Here's an idea ...

[fahrbot-bot]

Someone send them a ransom demand ...

Re:

[tomhath]

Someone made them an offer they couldn't refuse.

Good.

[Striek]

Take everything they have and let them rot in prison for life.

It's about time some of these fuckers got their due.

go after the bitcoin exchange and miners for acces

[Joe_Dragon]

go after the bitcoin exchange and miners for accessory

Re:

[dmay34]

Bingo.

Re:

[tigersha]

Bingo 2

About that quote

[Beryllium Sphere(tm)]

It's insightful but there's no reason to think it's authentic.

https://quoteinvestigator.com/... [quoteinvestigator.com]

Re:

[dgatwood]

Live by the hack, die by the hack.

Re:

[dmay34]

They try something like this again and it won't be a hack that kill them.

Good.

[Gravis Zero]

Take every bit of money they have stolen and invest it toward reducing the national debt. The fact that people pay ransomware is directly connected to the existence of ransomware and therefore they should not receive a dime.

Hahahahaha

[gweihir]

So either the NSA "TAO" finally took an interest or some other criminals stole the money. Great show, would watch again!

Of course, I still think a company providing a critical service with IT security this bad should have all its C-Level executives stripped of personal fortune and jailed for a few years. The scum breaking in is one thing, but the scum not making breaking in hard when they had tons of money they could have thrown at the problem are known by name and deserve a lot of pain coming their way.

Re:

[algaeman]

There's a lot more possibilities than that. It could also be the Russian authorities deciding they need to make an example to show some due diligence, even though most of these guys are probably employed by the GRU or some other 3 letter agency.

Re:

[gweihir]

There's a lot more possibilities than that. It could also be the Russian authorities deciding they need to make an example to show some due diligence, even though most of these guys are probably employed by the GRU or some other 3 letter agency.

That I would count under "some other criminal gang".

Re:

[93 Escort Wagon]

Great show, would watch again!

I loved it! It was much better than Cats. I am going to see it again and again.

We established "rules of warfare" for a reason

[DeplorableCodeMonkey]

And we've lost sight of them in this area. Let's say it's Russia, and Russia were to actively support saboteurs that did physical damage that stopped the pipeline for a week. You know what that would be?

A legitimate casus belli. Taking the pipeline out by accidentally destroying internet-exposed equipment a la the Stuxnet attack would be the sort of thing that would justify Biden sending in half a dozen B2s deep into Russian airspace and carpet bombing all of their pipelines going to ports and Europe.

My gue

Re:

[Ostracus]

If that was the case then Russia would have been bombing us back in 1982. [risidata.com]

Re:

[vinn01]

A military advisor said: "Cyber attacks can be acts of war if they cause physical destruction. The US Department of Defense law of war manual states that some cyber operations should be subject to the same rules as physical, or “kinetic” attacks".

In this case, the pipeline operator chose to shut it down because the billing system was hacked. The pipeline has no physical damage. I would suggest that we change the law of war manual, because there can be a heck of a lot of economic damage without

Re:

[Ostracus]

Couldn't Star Wars (Reagan cold war program) constitute "economic damage" as applied to the USSR?

Irony

[kyoko21]

Even though the payment was made through a decentralized infrastructure, ultimately, it terminates at a single choke point and somehow the authorities took over that system.

Risk vs Reward

[vinn01]

The solution to ransomware is to change the risk/reward ratio. Right now there is far too much reward for very little risk.

In American history there have been other gangs of thieves; cattle rustlers, horse thieves, pirates, etc. When the risk/reward ratio changed, by harsh punishment such as hanging, the thievery ended.

Re:

[dmay34]

Have the Air Force make them a visit.

Re: Risk vs Reward

[dwater]

You realise that would not be the end of it. It wouldn't even be the end of the beginning. It would only be the beginning of the beginning.

Re:

[dmay34]

It would escalate it. But hackers are slowly escalating their war as it is. It is one thing to take down a pet store, it's another to take down critical infrastructure. There has to be a line somewhere.

The criminal nerds need to understand that there are serious consequences for crossing the line.

This makes no sense, or these hackers are idiots

[NFN_NLN]

> the Darkside operator also reported that cryptocurrency funds were also withdrawn from the gang's payment server, which was hosting ransom payments made by victims

Hosting ransom payments!? Are they not using a cold wallet which makes it effectively unidirectional - ie deposit only! The ONLY people taking payments out of a cold wallet are the owners.

They should get a visit form the Air Force

[dmay34]

That sound in the distance means all of your servers are about to go down.

Re:

[Lady Galadriel]

I think a nice, anonymous KEW would be just the thing. We can even call it a present!

That does require finding their physical location. But, hey with the cold war gone, what else are the spies supposed to do?
We can't have all them spies unemployed. Or worse, selling their skills to the highest bidder. Have them hunt down this a-holes and send in the KEWs!

And if that location happens to be a place we don't like, make the KEWs out of depleted uranium. Have to get rid of the stuff somehow.


KEW = Kinetic

Good

[Rick Zeman]

Thank you, NSA.

Re:

[organgtool]

And hopefully a sequel from the CIA. If hackers start experiencing a whole bunch of "accidents" then maybe they'll choose a profession of less "clumsy" people. And after that, the CIA can turn their attention to Indian call centers.

Re:

[DesertNomad]

+1 very funny!

Looking forward to the nuking of call centers...

Suggesting that the US has already gotten revenge?

[Babel-17]

That might help in keeping the politicians from nagging the cyber security forces every day to do something. What next? "Oh no, we were vax deniers who never wore masks and are now dying from COVID-19, woe is us, you win!".

No honor among cyberthieves

[Rick Schumann]

Don't think I need to explain what I mean by this, do I?

I like it.

[swschrad]

now, if we could just blow these sumbitches out of the water when we first start seeing the C&C traffic starting up....

funds transferred?

[tomhath]

The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet,

Which is it? I'm guessing #1

1) Gang members absconded with the funds

2) Someone inside the gang who knew the password double-crossed them

3) There's a way to steal currency out of a wallet

4) The hackers were hacked

The moral of the story is...

[cordovaCon83]

Don't piss off rich people. They can afford more hackers.

They're shocked, shocked!

[14erCleaner]

To discover that there are criminals with access to their servers!

What gall

[LucasBC]

re: ...complaining that the web hosting provider refused to cooperate

Good! Too bad for you. Kudos to the hosting provider, whoever they are.

Re:

[freeze128]

It's probably Comcast. Refusing to cooperate is second nature to them.

It's not a bug, It's a feature.

[RogueWarrior65]

Cryptocurrencies should have the option to bork people who get paid for ransomware attacks.

Re:

[Gravis Zero]

A Wish For All Ransom Gangs:
Hang them. Don't imprison them. HANG THEM. By the neck, until dead. In public.

You do realize that ransomware only exists because companies ignore security and then just pay the ransom, right? Criminals aren't innocent but neither are the companies they target.

Re:

[sunking2]

And women wear the clothes that they were so have it coming.

Re:

[djinn6]

Yeah, if by clothes you mean wearing nothing. While also being completely wasted. At an orgy.

Your analogy is shit.

Re:

[thegarbz]

And if they say no to you and you don't listen you're still a piece of worthless shit. Seeing a naked woman at an orgy entitles you to precisely nothing.

Re:

[djinn6]

From GGP:

Criminals aren't innocent but neither are the companies they target.

Next you'll be calling for "gross negligence" to be struck from the books.

Re:

[thegarbz]

Falling victim to a criminal is not being grossly negligent regardless if you leave your front door open or not. Stop victim blaming you worthless excuse of a human.

Re:

[djinn6]

Lol, ok. Why don't you post you bank account and password right here then? It's always the criminal's fault right?

Re:

[thegarbz]

It would be the criminal's fault. Always. In fact you seem to be so dumb to realise that you can't actually be charged with gross negligence if you are on the receiving end of a crime.

And no I won't post my account details online because (and this may shock you) criminals exist. And not just criminally stupid people like yourself.

Re: A Wish For All Ransom Gangs:

[aRTeeNLCH]

Well said! I won't hold my breath, but I'm looking forward to the yes-is-yes laws all around.

Re:

[djinn6]

I'm looking forward to the yes-is-yes laws all around.

Followed by false rape accusations everywhere and everyone filming themselves having sex because you can't prove it's consensual otherwise.

I know it's a really out-there concept, but maybe the law should go back to delivering justice on what it was meant for - harm. Harm that could be proven beyond reasonable doubt in court. Bruises, torn clothing, struggles heard by neighbors, damaged furniture. None of this he-said she-said bullshit. What's next? "He looked scary so I couldn't help but say yes"? "I signed

Re: A Wish For All Ransom Gangs:

[aRTeeNLCH]

Many cases of rape actually have the woman freeze and incapacitated from defending herself. And the guy later saying he didn't realize her silence didn't imply consent. It would shatter me, as a guy, to find that it wasn't consensual. Luckily, never happened to me, but I'm sure I've known people in that situation. Up to the yes-is-yes requirement by law, it's always been "stupid" to interrupt and ask questions, sort of unfitting, but from that point onward, women will have to say they want to get boned. Of

Re:

[djinn6]

It would shatter me, as a guy, to find that it wasn't consensual. Luckily, never happened to me, but I'm sure I've known people in that situation.

Do you think they should get 10 years for making that mistake? Even if they wanted to ask, it's easy to forget it in the moment.

Up to the yes-is-yes requirement by law, it's always been "stupid" to interrupt and ask questions, sort of unfitting, but from that point onward, women will have to say they want to get boned.

That's not enough. Women can retract their consent at any time (as they should be able to), which means unless they're screaming "yes" the entire time, you don't have positive consent.

No-means-no is a much simpler contract, and that should be the social standard. However, the courts should still act on evidence of such a "no" beyond just what the woman says.

Not long ago, a German "hot" woman was taped during rape by two guys, they got her very drunk, she couldn't fend them off, but she can clearly be heard to protest. Verdict: innocent.

As I said, evidence of h

Re:

[fustakrakich]

You do realize that ransomware only exists because companies ignore security and then just pay the ransom, right?

I think you know the routine. It's a simple cost/benefit ratio between security and ransom.

Re:

[Chelloveck]

It's just good business. If your ransom payments are $5M, but it would cost your $10M to secure your systems, it's more profitable to ignore the security and just pay the ransom.

never pay ransomware

[John_Sauter]

It's just good business.

Yeah, that's why it's routine practice, but it's not good service. That's what we are supposed to demand

This is a tragedy of the commons problem. Paying ransomware will get you your data back quickly, but encourages the practice and so is bad for everybody else. In the long run it is also bad for you, because you now have a reputation for paying.

Re: A Wish For All Ransom Gangs:

[ArmoredDragon]

It's risk management, and accepting a risk instead of mitigating, transferring, etc, is valid and ethical depending on the circumstances.

Re:

[Gravis Zero]

I think you know the routine. It's a simple cost/benefit ratio between security and ransom.

I know why and I also know that makes them responsible for the continued proliferation of ransomware.

Re:

[OrangeTide]

How about we set some responsible security standards, and make private companies liable when they don't follow those standards, and require companies to have liability insurance for that cases where they do follow standards but still get hacked. There is a way to address a big chunk of the online crime, but we'd rather do fuck all about it.

 

Re:A Wish For All Ransom Gangs:

[Applehu Akbar]

We don't like homicidal psychos like you roaming around outside of mental health facilities either. Financial losses and being inconvenienced aren't valid excuses to murder people...

But breaking into hospitals and vital infrastructure sure is.

Re:

[The Evil Atheist]

As pissed off as I am at them, no, it isn't. Don't let blind rage guide your choices.

Life imprisonment with no parole at a maximum security prison is a much more better outcome. If they want tax payers to pay for their lifestyle, I'll be happy to oblige.

Re:

[Applehu Akbar]

As pissed off as I am at them, no, it isn't. Don't let blind rage guide your choices.
Life imprisonment with no parole at a maximum security prison...

This might be the approach if we shunted them through a conventional, major-nation justice system. But what we're dealing with here are offshore, subnational groups that target life-critical activities and are beyond the reach of conventional law enforcement. It's not the Chicago Mob, but more like Boko Haram.

Blind rage, exercised by homicidal psychos, is exactly what needs to be used against them. And make sure they get video and put it on YouTube.

Re:

[John_Sauter]

As pissed off as I am at them, no, it isn't. Don't let blind rage guide your choices. Life imprisonment with no parole at a maximum security prison...

This might be the approach if we shunted them through a conventional, major-nation justice system. But what we're dealing with here are offshore, subnational groups that target life-critical activities and are beyond the reach of conventional law enforcement. It's not the Chicago Mob, but more like Boko Haram.

Blind rage, exercised by homicidal psychos, is exactly what needs to be used against them. And make sure they get video and put it on YouTube.

Nonsense. If the actors are beyond the reach of justice, ignore them and concentrate on the threat. Treat the threat of ransomware like the threat of a natural disaster, such as a tsunami. Build your sea wall high enough to let you survive the biggest tsunami in recorded history, plus 10 percent to allow for your ignorance. You will survive while your competitor down the coast is overwhelmed.

Re:

[Applehu Akbar]

There is only so much security you can aply to a target before the security renders the applications themselves useless. Look at the adjacent thread on the corrosive effects of CAPTCHAs on Internet interaction. In other words, there is no seawall high enough to keep out the largest possible tsunami.

If we can't get at ransomware gangs themselves, I can see supercomputers and quantum processing being applied to break cryptocurrency, or at least break the anonymity of crypto. The short-term financial rewards o

Re:

[John_Sauter]

There is only so much security you can aply to a target before the security renders the applications themselves useless. Look at the adjacent thread on the corrosive effects of CAPTCHAs on Internet interaction. In other words, there is no seawall high enough to keep out the largest possible tsunami.

Maybe I'm an optimist, but I don't believe this. You might need to fix a lot of software, but it must be possible to defend against ransomware attacks. Perhaps you need an e-mail client which lets you see a message without letting it execute. Perhaps you need a backup procedure which immediately writes every newly-created or modified file to write-once storage, and lets you retrieve any previous version. I am sure you need fine-grained security, in which users can only read the files they need to read t

Re: A Wish For All Ransom Gangs:

[backslashdot]

You did? Anyway, so what? If it was so great, how did it get us to this point? Our ancestors also had world wars, civil wars, various conflicts, slavery all over the world. They also thought the Earth was flat. Not sure they necessarily had the greatest sense of judgment as we go further and further back in time.

Re:A Wish For All Ransom Gangs:

[SirSlud]

Is that why nobody steals anything anymore? We stopped doing shit like that because it was easy to demonstrate that after a certain point, increasing the severity of the punishment didn't lead to additional deterrence. That's the enlightened choice of barring cruel and unusual punishment in a civilized society. After a certain point, it doesn't eliminate crime, it only leads to unmeasurable differences in deterrence if any, and it involves having people who're supposedly on the good side of the law practice cruelty against other humans in a system that is frequently and demonstrably prone to error.

Re:

[tigersha]

There is. Fundamental difference between stealing and shutting down the energy infrastructure of an entire county. The one is an act of war. If this was some tinpot dictatorship the cruise missiles would have been raining down already .

Re:

[SirSlud]

Adorable posturing, big guy. Let me know when somebody shuts down the energy infrastructure of an entire country.

Re:

[dryeo]

Financial losses and being inconvenienced aren't valid excuses to murder people.

We used to hang horse thieves.

Whether it was the actual horse thief or not.
You just have to look at the innocence project and how many innocents they have found on death row to know that hanging is not a good idea.
Extreme punishments don't mean anything to someone who doesn't think they'll be caught, better to raise the odds of getting caught with enough punishment to deter.

Re:

[Bobrick]

No, you're an idiot.