
Computer group linked to the cyber attack on the U.S. pipeline is said to have shut down


According to cybersecurity investigators, the cyber criminal group blamed for a ransomware attack on a U.S. pipeline that caused drivers to run out of gas this week has shut down.

The news comes after the Colonial Pipeline Company, which said it was working on restarting its 5,500-mile network, made a ransom payment to the hackers worth nearly $5 million, people who knew the subject said.

DarkSide, the allegedly Russian group that the FBI has claimed is responsible for the attack, has told affiliates that it is shutting down its services, said FireEye, a cybersecurity group appointed to investigate the incident.

Until now, DarkSide has maintained the ransomware but leased it to others through an affiliate program, taking a cut of the proceeds from attacks, which take control of an organization’s data or software and block owners from accessing it by encrypting it until payments are made.

In a message on the dark web, found by researchers at Recorded Future and seen by the Financial Times, the group also said it had lost control of much of its public infrastructure, including its dark web blog and the server it uses to support ransom payments, and that its crypto funds had been hijacked.

“The message referred to law enforcement pressure and U.S. pressure for this decision,” said Kimberly Goody, chief executive officer of FireEye’s Mandiant Threat Intelligence arm.

It is unclear whether the takedown of the group’s infrastructure was the work of the authorities, or whether DarkSide was going offline with the intention of later resuming operations under a different guise, known as an “exit scam”.

Joe Biden, President of the United States, said he has “strong reason” to believe that the DarkSide hackers were in Russia, but did not believe Moscow was directly responsible.

“We have been in direct communication with Moscow so that responsible countries can take decisive action against these ransomware networks,” he said on Thursday.

Colonial made the payment to the hackers using cryptocurrency, said two people who knew the subject. “It was a certain number of bitcoin which added up to a hair less than $5 million,” one person said.

Colonial began the process of bringing the pipeline, the central artery for the delivery of motor fuel to the eastern United States, back into service on Wednesday. It said on Thursday that it would restart the entire system and start delivering products to all of its markets. It did not respond to a request for comment on the payment of the ransom.


The crisis has revived the debate over whether there should be a general ban on victims paying ransoms. White House press secretary Jen Psaki said Thursday that the federal government continued to argue that paying ransoms only encouraged such extortion activity and called on companies to tighten their defenses. The FBI advises against making payments.

Ransomware groups earned at least $18 billion in ransoms in 2020, according to the cybersecurity group Emsisoft, as hackers took advantage of the cyber vulnerabilities resulting from employees' move to remote work. The average payment is about $150,000, Emsisoft data show.

Authorities are under increasing public pressure to hunt down and prosecute the attackers. Last Saturday, a group of tech companies, and U.S. agencies like the FBI, disrupted DarkSide by shutting down U.S. servers that it used to store data before it was sent to Russia, according to two people who knew the situation. The takedown and the payment of the Colonial ransom were first reported by Bloomberg.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said there had been debates over whether efforts should be made to go on the offensive and hack criminal ransom gangs, known as “hacking back”.

“People are talking about hackback. It’s on the radar again and that’s probably caused by the Colonial riots.”
