Ransomware targeting U.S. pipeline operator decommissioned



The servers of the Darkside ransomware group, responsible for a cyberattack on a pipeline in the United States, have been decommissioned. – Andrew H Walker / Shutterstock / SIPA

Taken offline. The servers of Darkside, the hacker group behind the cyberattack that targeted the US oil pipeline operator Colonial Pipeline last week, have been taken out of service, cybersecurity firm Recorded Future said on Friday. The hacker admitted that Darkside ransomware had lost access to several of the servers the group uses to host its blog or receive payments. Normally accessible via the Tor browser on the darknet, the underground version of the Internet, the Darkside site was inaccessible this Friday morning.

Earlier in the day, Toshiba TFIS, a French subsidiary of the Japanese technology group Toshiba, which specializes in printers, admitted having “suffered, on the night of May 4, an act of hacking by Darkside ransomware which had already attacked numerous businesses of all sizes”.

“No data leakage”

The Japanese group had said in a separate statement that the damage was contained in part of Europe and that the hackers had not had access to customer data. According to Toshiba TFIS, “data untouched by viruses could be recovered and the amount of work lost was very minimal.” The subsidiary also claims to have detected “no data leak”, while screenshots of a Darkside claim announcing a leak of 740 gigabytes of data are circulating on social networks.

“The hacked account was blocked within 10 hours of” the attack, the company explains. “It therefore seems unlikely to us that such a large amount of data could have been extracted in this period of time.” “The claim is very credible,” said Valéry Marchive, editor-in-chief of the magazine LeMagIT, which specializes in cybersecurity. But according to this expert, “the Darkside site is no longer accessible at present” on the darknet.

Suspected of being linked to Russia

Darkside appeared publicly in August 2020 and specializes in ransomware attacks against businesses, a process that involves exploiting security holes to encrypt and block computer systems, demanding a ransom to unlock them.

The criminal group is behind the hack of Colonial Pipeline, the largest pipeline in the United States for refined products, which restarted its entire system Thursday evening after being paralyzed over the weekend, according to the US federal police. The group, suspected by some experts to be linked to Russia, offers a ransom platform to “affiliated” hackers, with these hackers and the group then sharing the ransom.


