Multiple ransomware groups claimed they were shutting down or scaling back operations last week as the US government ramped up pressure while tech companies, cryptocurrency exchanges and others worried about getting caught in the crossfire.
DarkSide, the Russian-speaking gang blamed by the FBI for a hacking attack that led to a six-day fuel pipeline shutdown, said it was going out of business after losing access to some of its servers.
Another major criminal gang said it would forbid encryption attacks on critical infrastructure, and forums where such gangs recruit partners said they were banning ads related to ransomware, analysts said.
US President Biden repeatedly warned the gangs and major host country Russia about consequences for a ransomware attack that prompted Colonial Pipeline to shut down the main supply line to the East Coast. That line was resuming full operation, but many pumps remain empty at stations in some states after days of panic buying.
Investigators said DarkSide provided the encryption software that a criminal affiliate used to render Colonial’s internal files inaccessible. It planned to split any ransom to recover that data with the affiliate, who the investigators have identified as another Russian criminal.
DarkSide claimed that some of its money had been transferred to new electronic wallets, though rivals and some US experts warned the group could be using the uproar as an excuse to cash out. Ransomware gangs commonly change names and membership.
It was not immediately clear whether the professed retreat was due to US diplomatic pressure, legal demands on technology providers or even government-backed hacking.
The FBI, Justice Department and White House National Security Council all declined to comment.
“Ransomware criminals are clearly getting nervous with all the heat coming down from US government and industry,” said Dmitri Alperovitch, who co-founded security provider CrowdStrike before starting thinktank Silverado Policy Accelerator.
If it continues, the moves would reverse a trend in the past two years of the gangs targeting more vital companies that are likely to pay to resume operations, or to have insurance coverage that will pay for them.
“Many will likely try to lie low for a few months in hopes that it will pass,” Alperovitch said.
“The key will be to keep up the pressure on both the criminal gangs themselves as well as the states like Russia that offer them safe haven from prosecution.”
Earlier this year, US authorities cited the ransomware surge as a national security threat and noted some overlaps with foreign government interests.
The Justice Department established a ransomware task force, and a public-private study panel issued recommendations including greater regulation of cryptocurrency.
The team at Platform Executive hope you have enjoyed the ‘Ransomware gangs disrupted by response to Colonial Pipeline hack‘ article. Automatic translation from English to a growing list of languages via Google AI Cloud Translation. Initial reporting via our official content partners at Thomson Reuters. Reporting by Joseph Menn. Editing by David Gregorio.
You can stay on top of all the latest developments across the platform economy, find solutions to your key challenges and gain access to our problem-solving toolkit and proprietary databases by becoming a member of our growing community. For a limited time, our subscription plans start from just $16 per month. What are you waiting for?