Colonial Pipeline hacker DarkSide claims it will cease operations

Cybersecurity firms said the move was likely an attempt to evade scrutiny following the pipeline hack

The ransomware group deemed responsible for the dayslong shutdown of the Colonial Pipeline said it would cease operations, cybersecurity experts said Friday.

The group known as DarkSide said in a message to hacking affiliates that it was shutting down after its web servers were seized and cryptocurrency was drained from its accounts, the cybersecurity blog Krebs on Security reported. The group attributed the shutdown in part to pressure from unnamed law enforcement agencies.

"In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck," the group said in a message obtained by cybersecurity firm Intel 471. "The landing page, servers, and other resources will be taken down within 48 hours."

DarkSide said it would release decryption tools for companies that had yet to pay ransom in response to the group’s demands. The website operated by DarkSide ceased operation on Thursday.

Colonial Pipeline did not publicly say whether it paid a ransom to regain access to its data. However, multiple outlets reported that company officials paid nearly $5 million in cryptocurrency to the hackers.

The pipeline shutdown triggered panic-buying in several states and prompted concerns about a potential fuel shortage due to the interruption to scheduled deliveries. Colonial Pipeline said on Wednesday evening that it had restored operations, though it warned that a return to full service would take time.

Intel 471 said DarkSide’s announcement and actions can likely be "tied directly to the reaction related to the high-profile ransomware attacks covered by the media this week."

"However, a strong caveat should be applied to these developments: it’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways," the firm said. "A number of the operators will most likely operate in their own closed-knit groups, resurfacing under new names and updated ransomware variants."