U.S. Cyber Command did it? Attack on U.S. oil pipeline hacker’s server shut down, ransom money disappears

The Dark Side, the hacking group that attacked Colonial Pipeline, the largest fuel pipeline operator in the United States, has ceased operations and lost control of some of its ransom demands after its servers were shut down today by unidentified individuals. The hacker group’s servers were shut down today by unknown parties, losing control of some of the ransom money.

Recorded Future, a U.S. cybersecurity consulting firm, said Darkside had admitted in a Web posting that it was unable to connect to specific servers for blogs and pay-per-use.

“Recorded Future threat intelligence analyst Dmitry Smilyanets said he found that Darkside ransomware operator Darksupp wrote on its website, “A few hours ago, we were unable to connect to the public part of our infrastructure. That is, blogs, payment servers, DOS servers.”

AFP reports that connecting through the TOR browser on the Dark Web displays a notice that the Dark Side URL can no longer be found.

According to Recorded Future, Darksupp, who operates the Dark Side, also said that the cryptocurrency ransom money had been removed from the servers, leaving the organization devastated. After holding the victim’s IT system hostage, Dark Side claimed that it would provide the tools to unlock it upon receipt of the ransom.

There are conflicting opinions as to who actually took down the Dark Side’s computers. Some suspect that the U.S. Army Cyber Command acted, as the 780th Military Intelligence Brigade’s Twitter account retweeted the report shortly after it was released by Recorded Future. The report.

Asked at a congressional hearing today whether Cyber Command has taken action against the dark side, Cyber Command Commander Paul Nakasone said he would not discuss the unit’s actions.