A Goodbye Note to DarkSide Affiliates

In the span of just a few months, the DarkSide group grew into one of the key players in the ransomware industry. The group had earlier attacked CompuCom, Canadian Discount Car and Truck Rentals, and, most recently, the US Colonial Pipeline. Ransomware groups attack whatever is vulnerable, but they usually aim for wealthy corporations; hitting sensitive entities such as healthcare providers, educational institutions, or government agencies draws unwanted attention. That is exactly what happened to DarkSide, whose attack on Colonial Pipeline forced the company to pay a $4.4 million ransom. The incident shook the US government: the President himself warned companies to remain vigilant and stated that the perpetrators were based in Russia. Whatever may have been planned behind those warnings, an as-yet-unidentified law enforcement action now appears to be the reason behind DarkSide's fall.

β€” π•―π–’π–Žπ–™π–—π–ž π•Ύπ–’π–Žπ–‘π–žπ–†π–“π–Šπ–™π–˜ (@ddd1ms) May 14, 2021 As posted in a popular Russian hacking forum, the DarkSide group announced the shutdown of their RaaS operations to their affiliates. The post, translated from Russian to English, read as; Soon after this, other popular ransomware groups like REvil and Avaddon has made a new post on their own dark websites, directing their affiliates of new rules while attacking targets. They now bar the affiliates from targeting sensitive entities like healthcare, educational institutions, and government agencies that disrupt the public and draw unwanted attention, as in DarkSide ransomware. blog payment server CDN servers At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked. The hosting support service doesn’t provide any information except β€œat the request of law enforcement authorities.” In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account. The following actions will be taken to solve the current issue: You will be given decryption tools for all the companies that haven’t paid yet. After that, you will be free to communicate with them wherever you want in any way you want. Contact the support service. We will withdraw the deposit to resolve the issues with all the affected users. The approximate date of compensation is May 23 (due to the fact that the deposit is to be put on hold for 10 days on XSS). In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck. The landing page, servers, and other resources will be taken down within 48 hours.” Further, the REvil group said the affiliates need permission before they exploit their targets. These moderation rules may force affiliates to shift to other ransomware groups or make the operators struggle, like in the case of Babuk ransomware.
