DarkSide Servers Preparing for Ransomware Sales have Gone Silent

After DarkSide shut down the Colonial Pipeline in the United States, the notoriety of the Russian hacking group spread far and wide. The authorities eventually paid the threat actors a staggering $5 million to decrypt the shut-down systems. Later on, President Joe Biden requested that Moscow take action against the cyber vigilantes and warned of launching an attack on the group.

During the last few days, the threat actors had been planning to hold a contest to invite recruits. However, it seems that they have suddenly gone silent. As per media reports, the underground Russian group has dismantled its operations and halted any further discussion of ransomware. It is not clear whether the servers have been seized by government officials or whether the silence is meant to throw watchdogs off from intercepting the operations.

Cybersecurity Expert Claims that the Threat Actors would Rise Once Again under a New Name

Brett Callow is a cybersecurity expert at Emsisoft. In an interview with ITworldCanada.com journalists, he said it seems unlikely that the threat of DarkSide has been averted. He explained that the bad actors are staging an exit scam to keep the lion’s share of the spoils from the Colonial Pipeline hack to themselves. He further added that the main aim of this diversion could be an unwillingness to share their crypto assets with the rest of their criminal associates.

He also drew the media's attention to an emerging hacking group called Babuk. Babuk is setting up a new platform for cybercriminals who do not own a leak website. It should be noted that DarkSide has also pulled off a huge data hijack attack on Ireland’s central health unit, stealing data such as the personal information of patients, doctors, and employees, internal fraud investigations, and health records. The same group is also thought to have taken part in the verified Twitter account hacks.

Security Agencies should be Prepared for more Attacks from the Same Hackers behind DarkSide

Callow further added that it is still not certain how long the threat actors had been lurking in the pipeline's network before shutting it down. He urged IT security companies to warn their clients to use only secure channels for remote access. The Remote Desktop Protocol and the virtual private networks used for corporate networking have become the most favoured entry points for hackers in recent years.

The federal authorities of Ireland have refused to make any payments to the threat actors and have shut down their IT systems. This tactic has made it difficult for the medical unit to conduct tests and continue procedures as normal. However, analysts like Callow warn that ransomware is too lucrative and that such threats will therefore not stop any time soon.