Colonial Pipeline paid a $5 million ransom to the DarkSide cybergang, according to news of the so-called shutdown. According to a source monitoring the ransomware outbreak, “if they go dark, it might really hamper recovery efforts all over the world.” Intel471 expects that the operators will devise new methods to “wash” the cryptocurrency they collect from ransom payments. Separately, a Chainalysis analysis of ransomware transactions found that 15% of all extortion payments posed a risk of sanctions violations in the United States. According to Intel471, the group’s name-and-shame blog, ransom collection website, and breach data content delivery network (CDN) were all allegedly seized, and funds from their cryptocurrency wallets were allegedly exfiltrated. The DarkSide announcement, which claimed the criminals “lost access to their resources, including their blog, payment, and CDN servers and will be closing their operation,” was also seen by FireEye researchers. The status of live, ongoing talks on ransomware payments and data decryption tools is another potential complication of a DarkSide shutdown. The DarkSide ransomware-as-a-service infrastructure, as well as a name-and-shame website used by the criminal group to pressure victims during extortion talks, has gone offline, according to several threat hunters monitoring darkweb communications.

May 14, 2021

In the past, cybercriminal groups have shut down activity in response to law enforcement action, only to reopen under a new name and with new online infrastructure. The group said in a statement posted in Russian that an unidentified law enforcement agency disrupted part of its infrastructure.
“It’s more likely that these ransomware creators are trying to flee the spotlight than that they are accidentally recognizing their mistake. “A large number of compromised businesses are in contact with these [Darkside affiliates].” FireEye, on the other hand, states that it has not independently checked the claims and warns that it may be part of an “exit scam.” Amid massive backlash from the US government and international law enforcement agencies, the DarkSide cybercrime gang appears to be shutting down operations. Intel471 claims to have seen rival ransomware-as-a-service crews go silent, but warns, like FireEye, that ransomware extortion attacks aren’t going anywhere anytime soon. Intel471, a security firm that monitors malicious activity on the dark web, claims to have reviewed an “announcement” from DarkSide that the group will “immediately cease operations” and provide data decryptors to all victims. The ransomware used in the Colonial Pipeline attack, according to threat intelligence firm Flashpoint, is, with moderate confidence based on code analysis, a variant of the infamous REvil ransomware. According to the firm, “a number of the operators will most likely operate in their own close-knit communities, resurfacing under new names and revamped ransomware variants.”