Group behind Colonial Pipeline hack to shut down operations: report

The group behind the ransomware attack on Colonial Pipeline is reportedly shutting down its operations.

The Wall Street Journal reported that a website run by the group DarkSide had been down since Thursday.

Security firms FireEye and Intel 471 told the newspaper that DarkSide lost access to the infrastructure it uses to run its operations due to disruption from law-enforcement. 

Intel 471 posted a statement from DarkSide, which was originally written in Russian, in a blog post on Friday.

The statement, first released on Thursday, said that the group lost access to a public part of its infrastructure due to law enforcement, though no specific agent was named. The group also blamed “pressure from the U.S.” without elaboration.

“In view of the above, and due to pressure from the US, the affiliate program is closed,” the group reportedly wrote. “Stay safe and good luck.”

The group said it would give its affiliates decryption tools for the companies that haven’t paid it yet, and would compensate all outstanding financial obligations by May 23.

The Hill has reached out to the FBI, Department of Justice and federal Cybersecurity and Infrastructure Security Agency for comment. 

The FBI confirmed on Monday that DarkSide was responsible for the cyber attack that forced 5,500 miles of pipeline to temporarily shut down.

While Colonial Pipeline said it had no plans to pay the ransom, Bloomberg News reported that the company paid close to $5 million within hours of the attack. The company was given a decryption tool to restore its networks, which was reportedly so slow that it had to use its own backups to help restore the system.

The White House declined to confirm reports that Colonial paid the ransom.

The pipeline said Thursday afternoon that it had resumed operations in full, but anticipates that it will be several days before supply chains return to normal. 

President Biden on Wednesday signed an executive order aimed at controlling federal cybersecurity in the wake of the Colonial hack and other major cyberattacks.