
Ransomware gangs disrupted by response to Colonial Pipeline hack

Groups will 'lie low' until government pressure eases: CrowdStrike co-founder

A group of hackers calling itself DarkSide paralyzed a major fuel pipeline on the U.S. East Coast for several days, causing severe shortages. © Reuters

SAN FRANCISCO (Reuters) -- Multiple ransomware groups claimed they were shutting down or scaling back operations on Friday as the U.S. government ramped up pressure while tech companies, cryptocurrency exchanges and others worried about getting caught in the crossfire.

DarkSide, the Russian-speaking gang blamed by the FBI for a hacking attack that led to a six-day fuel pipeline shutdown, said it was going out of business after losing access to some of its servers.

Another major criminal gang said it would forbid encryption attacks on critical infrastructure, and forums where such gangs recruit partners said they were banning ads related to ransomware, analysts said.

U.S. President Joe Biden repeatedly warned the gangs and major host country Russia about consequences for a ransomware attack that prompted Colonial Pipeline to shut down the main supply line to the East Coast. That line was resuming full operation, but many pumps remain empty at stations in some states after days of panic buying.

Investigators said DarkSide provided the encryption software that a criminal affiliate used to render Colonial's internal files inaccessible. DarkSide planned to split any ransom paid to recover that data with the affiliate, whom the investigators have identified as another Russian criminal.

DarkSide claimed that some of its money had been transferred to new electronic wallets, though rivals and some U.S. experts warned the group could be using the uproar as an excuse to cash out. Ransomware gangs commonly change names and membership.

It was not immediately clear whether the professed retreat was due to U.S. diplomatic pressure, legal demands on technology providers or even government-backed hacking.

The FBI, Justice Department and White House National Security Council all declined to comment.

"Ransomware criminals are clearly getting nervous with all the heat coming down from U.S. government and industry," said Dmitri Alperovitch, who co-founded security provider CrowdStrike before starting think tank Silverado Policy Accelerator.

If they continue, the moves would reverse a trend of the past two years in which the gangs have targeted more vital companies that are likely to pay to resume operations, or to have insurance coverage that will pay for them.

"Many will likely try to lie low for a few months in hopes that it will pass," Alperovitch said. "The key will be to keep up the pressure on both the criminal gangs themselves as well as the states like Russia that offer them safe haven from prosecution."

Earlier this year, U.S. authorities cited the ransomware surge as a national security threat and noted some overlaps with foreign government interests.

The Justice Department established a ransomware task force, and a public-private study panel issued recommendations including greater regulation of cryptocurrency.
