https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

Krebs on Security

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

May 14, 2021

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

"Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account," reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.

"A few hours ago, we lost access to the public part of our infrastructure," the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom.

"Hosting support, apart from information 'at the request of law enforcement agencies,' does not provide any other information," the DarkSide admin says. "Also, a few hours after the withdrawal, funds from the payment server (ours and clients') were withdrawn to an unknown address."

DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven't yet paid.

"After that, you will be free to communicate with them wherever you want in any way you want," the instructions read.

The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide's core members are closely tied to the REvil gang.

The REvil representative said its program was introducing new restrictions on the kinds of organizations that affiliates could hold for ransom, and that henceforth it would be forbidden to attack those in the "social sector" (defined as healthcare and educational institutions) and organizations in the "gov-sector" (state) of any country. Affiliates also will be required to get approval before infecting victims.

The new restrictions came as some Russian cybercrime forums began distancing themselves from ransomware operations altogether. On Thursday, the administrator of the popular Russian forum XSS announced the community would no longer allow discussion threads about ransomware moneymaking programs.

"There's too much publicity," the XSS administrator explained. "Ransomware has gathered a critical mass of nonsense, bullshit, hype, and fuss around it. The word 'ransomware' has been put on a par with a number of unpleasant phenomena, such as geopolitical tensions, extortion, and government-backed hacks. This word has become dangerous and toxic."

In a blog post on the DarkSide closure, cyber intelligence firm Intel 471 said it believes all of these actions can be tied directly to the reaction related to the high-profile ransomware attacks covered by the media this week.

"However, a strong caveat should be applied to these developments: it's likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways," Intel 471 wrote. "A number of the operators will most likely operate in their own closed-knit groups, resurfacing under new names and updated ransomware variants. Additionally, the operators will have to find a new way to 'wash' the cryptocurrency they earn from ransoms. Intel 471 has observed that BitMix, a popular cryptocurrency mixing service used by Avaddon, DarkSide and REvil has allegedly ceased operations.
Several apparent customers of the service reported they were unable to access BitMix in the last week."

This entry was posted on Friday 14th of May 2021 11:44 AM

163 thoughts on "DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized"

1. Play stupid games... May 14, 2021
Sounds like DarkSide learned what dictators and cybercriminals alike have known for decades: Want to shut down international logistics and shipping? Ok. Kill people by shutting down hospitals? The FBI will get around to investigating it. Commit some war crimes here and there? Maybe a condemnation and some sanctions. Fuck with America's oil? Get ready to learn about American liberty. And by liberty, I mean you're going to be liberated from everything you hold dear.

    1. Charlesofaberdeen May 14, 2021
    You hit the nail right on the head with that comment

    2. Texas Steve May 15, 2021
    This comment made me laugh because it's so true. Cybercriminals: "hey, we can practically do anything we want and get away with it". Russian cybercriminals: "hold my beer".

        1. J.D. May 15, 2021
        They are a European group from many countries from what I read.

    3. Jim Getten May 15, 2021
    Palantir. That's who got them. Probably one of the best data mining stocks you could buy today.

        1. Jim May 15, 2021
        Any source on this?

    4. John M Kramer May 15, 2021
    In other words, FAFO.

2. Curtis Garcia May 14, 2021
Should be automatic mandatory death penalty for this sort of piracy.

    1. LinuxLove May 14, 2021
    Yet the NSA didn't get in any trouble when they caused 6+ deaths and billions of dollars in damages when they refused to notify Microsoft about EternalBlue, then got hacked and their exploit leaked, and caused untold amounts of damage across the world.
    Or when the CIA was busted hacking into Senate computers to delete evidence about the CIA's enhanced interrogation program, nobody got in trouble there. An automatic death sentence? Are we North Korea?

        1. Timodeous May 14, 2021
        Soon it'll feel like it if Biden just keeps up making Exec Orders instead of constitutional laws

            1. Bitters May 14, 2021
            Kinda exactly like the previous asshole

                1. BaliRob May 15, 2021
                The US will, eventually, realise the stupidity of electing a no-brainer for President. Never has the US needed a stronger leader than now. Much of the World respects and admires the US and its way of life and is very sad at current developments. Whatever your opinion - @Bitters - nothing gives you the right to call a President who was elected with an enormous majority an "asshole". It also lowers the tone of this Forum.

                    1. Helmut May 15, 2021
                    Ummmm...actually doesn't the constitution actually give him that exact right? You may not like the tone of the message but that is a person problem. The content of his message is his alone and his viewpoint and 100 percent supported by our founding fathers. Or am I missing the basics here?

                    2. Randy May 15, 2021
                    Uhmm, President Trump lost the popular vote by 3 million!

                        1. Walt Lindgren May 15, 2021
                        BidenVotes TrumpVotes OtherVotes Biden Share U.S. Total 81,282,916 74,223,369 2,891,441 51.3%

                        2. Walt Lindgren May 15, 2021
                        BidenVotes TrumpVotes OtherVotes Biden Share U.S. Total 81,282,916 74,223,369 2,891,441 51.3%

                    3. Kevin D May 15, 2021
                    But he literally is an asshole. He's rude and condescending. Everything I have seen over the decades that he's plastered himself in the public eye gives the impression that unless you want something from him (fame, money, association, political influence) he'd be a hard person to be friends with. He's repeatedly and publicly consistently shown he treats women like trash. He's consistently shown he's not averse to badly lying.
                    He may be everything he's hyped up to be as a businessman and a president (he's not), but he's still an asshole.

                    4. David H.K. Huff May 15, 2021
                    Trumpy Dumpy lost in a "landslide of 305 Electoral College" votes, words he himself used in 2016 but not so convenient I guess in 2020. In both elections he failed to capture the popular majority vote, losing by over 3 million in 2016 and by a crushing 6 million in 2020 to cement his legacy title as "America's Worst Loser Ever" when it comes to presidential elections.

                    5. Tom May 15, 2021
                    We had a choice between the town bully and the village idiot last November. Sadly, we chose the village idiot.

                    6. John M Kramer May 15, 2021
                    Well said. People need to get cured of their Trump derangement.

            2. TheDuck May 14, 2021
            What has Biden got to do with this? What a garbage comment.

                1. Lindy May 14, 2021
                Agreed... you could write how you love roses or long walks on the beach.... someone will turn it into a political battle.

                    1. Robert Hume May 15, 2021
                    Some motherfuckers are always trying to ice skate uphill

                2. Jim Stinson May 15, 2021
                I believe he was just referring to the direction Commie Joe is trying to take the country. Kinda a mix between Cuba/Venezuela/Sweden. But due to the feeling I get from your comment, I think maybe you're leaning that way yourself. Do the American people a favor and move out of the country and take all those liberal A-holes with you.

                    1. Free Mpg May 15, 2021
                    It's something to behold the length to which leftists will go to defend a communist-compromised demented pedophile, aka, Joe Biden, in an effort to sustain the Big Lie that Trump had dictatorial aspirations because he represented the vast majority of the American people against Washington DC elitists who themselves seek to exert Hunter Games-level dictatorial control.

                        1. Andrew May 15, 2021
                        Looks like YOU bought into the Big Lies... Whoever "Q" is...
                        He, she, or THEY (can't rule out a state Intel agency) are... He/she/they are LYING his/her/their asses off!!! Donald Trump betrayed his oath and the nation!!!

                    2. Paul Dodd May 15, 2021
                    Sweden is a great country to live in, regularly comes in before the U.S. on most polls.

                    3. xanna May 15, 2021
                    Spoken like someone who has never left their own state.

                        1. plb4333 May 15, 2021
                        you had no clue, just nonsense

                    4. Tim May 15, 2021
                    Define communist. What has he done so far that you can legitimately label him communist? Moreover, the last president we had acted the way he did because of the orangutan gene. He is literally responsible for the deaths of over 500k Americans, the economy tanking, consistent lies about practically everything. In 2016 I planned to vote for him, however after listening to him speak of women the way he did, I had to think about touching my daughter in the way he spoke of and I couldn't validate that behavior. He has been caught on tape attempting to influence state election officials for which he may wind up in prison and I could go on with a myriad of other things but anyone that still sides with wannabe dictator who has failed at his coup of our country, they are the ones who should leave this country and before you leave, look up the definition of communist. Oh and leave the American flag behind that I fought for because you don't deserve to carry my boots let alone the flag that so many have fought and died for. Rant done, out here.

                        1. Darryl S Harrington May 15, 2021
                        Thank you for your service

            3. Joe Schmoe May 14, 2021
            And cue the ignorant redhat comment. Trump still holds and will continue to hold the record for most EO's in a 4-year term.

                1. MSB May 14, 2021
                Not for long. Biden is easily set to surpass him both in EOs and in spending in half the time. And the numbers aren't even close.
                People need to take the rose tinted goggles off, Biden is just as bad as Trump and has screwed us royally in so many areas. We're also doomed another four years of someone on the far right side in 2024. So nothing is going to get better. Because Biden who claimed 'healing' has done anything but, in fact he's made the division unhealable and there's no overwhelmingly polarizing figure like Trump to make the Democrats go out and vote like they did this year, while Republicans and Moderates have all the reason in the world to go out and vote in the same 75million+ numbers they did before. Frankly, this country is better off just splitting between the two parties at this rate. The USA had a good run, but it's over now. There's no going back after Obama, Trump, and Biden divided this country irreversibly. Three of the worst presidents to ever exist.

                    1. Michael B May 15, 2021
                    Those people who voted for Trump in 2016, 75+ mil, were not all Trumpers. They were people like myself who were duped by Trump the con man. Trump rode the tides of 2016 perfectly and came away the President, but like the old Who song, "We won't be fooled again", as shown in Biden's numbers in 2020. Trump will do NOTHING in 2024, we hope he dies b4 the embarrassment of that election. The man sent people to attack his own VP. Trump is no better than a mafia thug.

                    2. Mike H May 15, 2021
                    Maybe (just maybe) the views and values of the American people are too broad and diverse to be properly represented by just two political parties. I also don't understand why conservatives are so us vs them while we as a nation are going through a severe crisis. If anything, this nation NEEDS sane and rational leadership from local all the way up to federal if we have any hopes of beating this pandemic and getting the economy rolling again. Just the $0.02 of an Independent getting fed up with this partisan clownshow we call a "government".

                        1. ContraversyMan May 15, 2021
                        We don't need more parties and more division, we need to hold both parties responsible as a whole! The US government has failed us in the following forms: education, Homeland Security, development, technology, sustainability and pretty much everything else, they claim they own everything, but they maintain it like dirty slumlords while charging us top dollar! They need to be retired altogether!

                            1. Tatiana May 15, 2021
                            So agree.. I never voted for Trump for so many obvious reasons that I find it extremely difficult to understand how he's leading a cult. I voted against him, not because I ADORED the opposition. Our government, as a whole, sells our votes to the highest bidder and that is not the people who elected them. Both sides LOVE the division.. it's distraction and misdirection so we're not focused on them.

            4. Marston May 14, 2021
            More than 50% of the orders that Biden has made revoke orders made by Trump. If Biden's aren't Constitutional, then neither were Trump's. ego...

                1. Paul Dodd May 15, 2021
                True. "ergo"?

            5. Faux News May 14, 2021
            The only president we've had in the last century that could be described as an "aspirational dictator" was Trump.

            6. Paliku May 15, 2021
            Oh yeah, now it is a bad thing... I guess coping GOP strategy is a bad thing.

            7. NotPetya May 15, 2021
            Avail yourself of Google and educate yourself. Obama did 35 executive orders during his 8 years. Trump did 55 executive orders during his 4 years. So far Biden has done 40 and majority of those were to correct all of Trump's bs. It's amazing the amount of ignorance when there is so much information available for free.

                1. T May 15, 2021
                You are correct. With the invention of Facebook, anyone who believes in anything that our orangutan last president was good, received their information from Fakebook. The sad part is that so many people continue to follow that ape off the cliff.
                I just wonder if they plan to put money in his canteen at prison.

            8. J.D. May 15, 2021
            So true! It concerns me that some people are so naive that they don't understand that what you're saying is exactly what can happen.

        2. ReadandShare May 14, 2021
        Nobody said the world is fair. Mess with the world's sole superpower at your own risk. Of course, other times, the superpower also acted as a force for good.

            1. Paul Dodd May 15, 2021
            Or bad. Nobody wants to really mess with China or Russia either. Power corrupts.

        3. twib May 15, 2021
        That's how you stop the cybercriminals. Kill one or two in public and send out a message. This is what will happen to you if you commit this type of crime. But today's politicians don't have balls to do it. Everyone that's in power are looking for their own profits.

        4. Thomas Muller May 15, 2021
        The biggest lawbreakers of all! We as civilians have to abide by the laws of the land but yet those who are supposed to uphold the law break it on a daily? Now you be good little boys and girls and we'll do the law breaking to get what we want by any means necessary! When they get caught or confronted with criminal allegations! Let the cover up begin! They will do this by any means that deem necessary to prove their innocence or prove your guilt and I mean anyway necessary! We've seen it and it's been proven within the court of law! They want to divide and conquer the masses! So we as the general population must stick together and not let them succeed! They try to separate the masses by using religion against us and so-called racial issues and the so-called tier system of upper class, middle class and lower class! We are just people trying to get along and survive in society that's it!
        Divide and conquer the law abiding citizen. Create scenarios so the masses fight amongst themselves. Drive us apart and they will succeed! They want to control us like lost milling around sheep! We as law abiding citizens must maintain self control or what they want to do will be successful! Don't let history repeat itself like it has in a lot of foreign lands! Family, unity and forgiveness to our fellow brothers and sisters for we must come together and stay together to overcome these criminal activities by our so called political hierarchy!

        5. ContraversyMan May 15, 2021
        Might as well be North Korea, clearly we are living in an unsafe, uncontrollable third world country where our most sacred infrastructure is put online instead of being protected by a closed loop system in order to give free access to any terrorists willing to exploit it and then passing the cost on to consumers for their own short-sightedness.

    2. Greg May 14, 2021
    If there ever was a need to protect the civilized world, these ransomware incidents need special attention. Delta Force or Seal Team 6 needs to look after them.

    3. Paul Dodd May 15, 2021
    How is it going to be automatic? Your device battery explodes - too late to say sorry, it was typo... Boom!

3. Blake Carrington May 14, 2021
You have messed with the wrong Carrington.

    1. Susan May 14, 2021
    I hear you Blake they sure gave! Not this Carrington but the other Carrington.

4. Dennis Baatlett May 14, 2021
These guys are modern day pirates. The solution is the same as that applied to the pirates of his day by Julius Caesar. Crucifixion. Guaranteed 100% effective against recidivism.

    1. DelilahTheSober May 14, 2021
    I agree completely. Sometimes traditional frontier justice is exactly what is needed.

5. W4phle_Stomp May 14, 2021
It's less important to me whether they were infiltrated by another or simply pretended to be infiltrated and absconded with the treasure.
What's more important is the incessant parade of users, healthcare, industry, corporate, Gov't, SMEs, home users, who insist on using a deeply flawed proprietary OS which has about 35 years of history to prove it is deeply insecure and has always been so. It boggles first why infrastructure and utilities feel the need to have their critical systems online and not insular, protected from the internet. Second, I'm baffled why healthcare and Gov't agencies use Windows with its historically-proven lack of security and exploitability. Though I use Linux and BSD, I'm not specifically advocating for any flavour of those above, but I am advocating for using OSes which are provably more secure - yet, they always aim for convenience over security, and if they aren't ransomed for their system's functionality, they're breached with the customers' or clients' data stolen.

    1. ausoleil May 14, 2021
    It's not just Microsoft products -- home routers are notoriously insecure, and some vendors (looking at you, ASUS) initially tried to claim that their insecurity was actually a feature. Commercial routers for the SMB market aren't much better, for example Sonicwall just released patches for three zero-day vulnerabilities to its hosted and on-premises email security products. Apple has its share of flaws, as does Linux and others. IOT security is an oxymoron, as is printer security -- remember how someone found 800,000+ printers with ports 9100, 515, and 631 open to the public Internet on Shodan? And that's before admin configuration mistakes and users bypassing or ignoring security practices come into play. Yeah, Microsoft is definitely a poorly secured OS by default and often by design -- but they are by no means alone.

    2. Willllll May 14, 2021
    convenience vs security, pick one. Have you ever tried to teach a random adult how to do something even halfway complicated with a computer? They often can't or won't learn.
    Windows is familiar and has been made easy to use for a long time. And are the other OS really truly more secure? or less attacked?....

        1. Paul Dodd May 15, 2021
        Security and convenience don't have much to do with each other in an OS. OK, MFA is less convenient than a passwordless access. Many hacks come from unpatched sw bugs.

        2. Mike H May 15, 2021
        YubiCo did a great job of achieving that. I can't say enough good things about the YubiKey 5 series.

    3. Sean Flanagan May 14, 2021
    These attacks routinely require a user to click on a link within an email in order to infest the system. The OS has nothing to do with this problem.

        1. Robert Partridge May 14, 2021
        Exactly! Social Engineering exploits the weakest link in the system, the human element. And malicious actors will continue to be successful at.

        2. Not all fails are equal May 14, 2021
        That's not the bottom line only way and yeah the OS and everything around it does matter, sorry, wrong.

        3. Howard L. May 14, 2021
        I can agree with this 100%. I had to stop someone applying for a disaster loan from using his SSN as a password. A system is only as secure as its most careless or least informed user.

    4. IndustryInsider May 15, 2021
    Why? Because Windows has proven support systems and armies of employees just waiting for you to call and tell them something is wrong. MS has SLA's that it lives up to or it pays guarantees. When you are big business or big government, and something goes wrong, you can be on the phone talking to Satya in 5 minutes. When your Linux distro goes tits up, who are you gonna call? Linus? Think he'll give one whit about your problem, or just scream at you that you're a moron and not doing it right? It's not about "convenience" - it's about knowing there's someone's butt on the line that you can call when the real crap hits the fan.
    Microsoft will bust their butt to fix your problem *right this minute*, if it's a big enough problem (and they have a huge army with which to do so, on demand). They spend millions every year on security training for employees, and deal with actual global threats (like foreign enemies) that sound like plots out of James Bond novels (and that you never hear about). They have an outstanding track record of finding and fixing security issues, on the order of thousands a year, most of which aren't even in MS products. But ultimately, that's why the OS continues to exist. Even one security hole (from the last 35 years as you say) left unplugged would render the OS unusable; but it's not. It keeps on trucking. Risk management isn't just picking the "most secure platform". That said, I do agree that a hardened Linux box is the best choice *for certain applications* - like infrastructure - if you have the knowledgeable staff to secure and support it.

    5. Paul Dodd May 15, 2021
    1. Successful ransomware attack: Fire the CEO & CTO. 2. No insurance cover if lack of staff security training, MFA, crucial system controllable from the internet, patches older than 30 days not applied. 3. SW manufacturers have liability for zero-day exploits. 4. Ransom payments are illegal.

    6. rassalas May 15, 2021
    Why be baffled? Just admit you're a Fanboi...

6. NobodySAIDboo May 14, 2021
do not worry they are all safe, happy and rich now in Israel, they will be on Israeli tv soon to tell how they did it, same as the 911 murderers.

    1. Mr E May 14, 2021
    Are you kidding? Your baseless hate for Israel disappoints me.

    2. Paul Dodd May 15, 2021
    So 9/11 perpetrators were on Israeli TV? Comments leaking in from another universe.

7. the.raw May 14, 2021
Is this for real? There's a code of conduct for ransomware deployments? Seriously? I prefer to authenticate this story, but such that it is, I must say I am disappointed.
Apparently, the only way to stop a bad guy on a computer is another bad guy supplying the software.

8. Paul D Collier May 14, 2021
bamboozled

9. Notaserialkiller May 14, 2021
What are the CIA, NSA, FBI etc doing all day? Too busy making WOKE recruiting videos

10. Compu Smith May 14, 2021
I doubt this, entirely.

11. Stephan B Feibish May 14, 2021
If committed by a nation state it would be called an act of sabotage or an act of war.

12. mealy May 14, 2021
Question - Why do Trump fools make things up, do they believe it helps them win credibility somehow lol? Go eat a baby in a pizza parlor already.

13. Lindy May 14, 2021
I'll believe they closed the day I win the Powerball lottery. They can say whatever they want but it doesn't mean anything... they are criminals after all. Thanks for trying to cheer me up Brian.

    1. Paul Dodd May 15, 2021
    Got a good publicity department, probably decided to take a long holiday with the proceeds. Good luck with the lottery.

14. Lucius Quinctius May 14, 2021
There still need to be real repercussions for these and the other ransomware operators. It should be open season on these guys and not stop till it's done. This may or may not be a ploy by them to distract attention. I hope it doesn't distract us. I also hope that we get enforcement people with cojones whether from a state or licensed by one to hunt.

    1. Paul Dodd May 15, 2021
    A problem is that there's a lack of international cooperation between China, Russia, Nigeria and the U.S. re investigation, extradition & prosecution. These attacks damage trade and trust. There needs to be a treaty, something like "International Convention on Cybercrime". Obviously North Korea won't sign, unless China leans on Kim.

15. Cindi Carter May 14, 2021
I can't help but think about the security team at Colonial Pipeline.
As if the day-to-day of a security practitioner isn't stressful enough, I can only imagine the pressure cooker the Colonial Pipeline teams have been experiencing, and they deserve our support. I don't think this "exit" from DarkSide is any promise of relief.

    1. Eric Nesbit May 15, 2021
    Colonial Pipeline didn't deserve to be attacked but the company was notoriously bad at cybersecurity. Google Robert F. Smallwood for an audit done on the company three....yes three....years ago. It was a badly run company that continued to fail but managed to keep going because it could produce a product cheaply. Even during the attack, they had the ability to continue sending oil but chose to shut down because they didn't know any alternative way of billing customers. On top of that, they paid the ransom because their secure systems' backups would have taken too long to decrypt and deploy. It was fast to just pay the ransom. And that's insane given their incompetence level as demonstrated means that had they not been attacked by cyber criminals who could return their systems to normal, and had they suffered a system failure for other reasons, they likely would have the capability to bring themselves back to full production for a considerably long period of time. They are fly-by-nighters who got caught with their pants down and whose leadership are too incompetent to be able to learn from it. Raising prices on their product to pay for better IT staff, policies, and practices is something that likely won't happen for them. And it will cost the east coast again and again until their execs are prosecuted for criminal negligence, found guilty, and sent to prison for it. And yes, it is THAT bad.

16. Paliku May 15, 2021
Unless our own NSA stole the loot - which would be GREAT, I would guess it is a ploy that will benefit Putin. We will probably never know. I fully support our cyberwarfare personnel hunting and screwing with these hackers in perpetuity.
Or a projectile or space trash hitting their HQ "Act of God" scenarios - lol. Never mind the politics - groups like this hurt us all regardless of where you come from.

17. Dixie May 15, 2021
Anyone think Bitcoin wallet being hacked is a bigger story? I do.

    1. Treed May 15, 2021
    That's a good point. Why is it every time I hear about a wallet it has been hacked? Can you not 2fa those things?

    2. Mindy May 15, 2021
    Exit scam!

    3. rassalas May 15, 2021
    Yes, that is the elephant in this room.

    4. JamminJ May 15, 2021
    I think the conclusion of this article suggests that it was not a hack, or even an exit scam. Rather a false flag in an attempt to get the heat off them. If the public and the US media think that someone has already retaliated against them and they lost money, then maybe they can quietly slip away. Remember their MO. They don't want to attract any attention, and this colonial pipeline attack was way bigger than they thought it would be.

18. Art K May 15, 2021
Possible solution to ransomware - remove the incentive! I hope I am not showing too much ignorance here but aren't all Bitcoin (cryptocurrency), transactions publicly recorded, trackable and verified via wallet to wallet blockchains? If so, why not blacklist any and all ransomware receiving wallets rendering them worthless? The blacklisted wallet identifiers could be distributed by the same mechanism as the blockchains themselves. There might have to be some vetting process to prevent bad faith blacklisting. However, any legitimate wallet holder could appeal such a designation to reverse the blacklisting. Would have to create some sort of appellant mechanism that would protect anonymity as well as validate the rulings but it should be doable. In essence, the true ransomware criminals would have to identify themselves and admit their guilt to get a reversal which they would not do nor would their blacklisting be reversed.

    1. JamminJ May 15, 2021
    That indeed could be created as a new type of cryptocurrency. Of course, one of the main reasons why Bitcoin and other popular cryptocurrencies are so popular, is they're not managed by any government or authority that could implement such a blacklist. Several cryptocurrencies have been created that do have other features and some are even managed by corporations. Those will never likely be popular at scale. If you create a better cryptocurrency than bitcoin, but with a feature that makes it hard for criminals, then criminals simply won't use that coin, but use what's already available. Criminals will simply use the next best option.

19. David Wishengrad May 15, 2021
It's bad to do this to hospitals and the such because those organizations are faced with saving lives, right? It's about saving life. Right? Now which is really a greater evil? To needlessly harm life and freely admit that you are doing that or to replace to dismiss the only truthful reason to care about life in the first place, "Life is Most Important in Life" while simultaneously claiming to represent life's truthful interests? You see, there is truth that goes like this: "Life is Most Important in Life is The Most Important Truth in Life" or like this: "The Most Important Truth in Life is Life is Most Important in Life". Once a person has been shared this truth if they then speak on behalf of life again and dismiss this truth as always being true they are in fact a person doing the most wicked evil of all. Needless and preventable suffering and death only occur AFTER the truth "Life is Most Important in Life" is dismissed as always being true. In fact, that person is dismissing the very cure and prevention of all needless and preventable suffering and death while simultaneously claiming to represent life's truthful interests. That is an evil so wicked that it cannot be forgiven.
All people able to comment on the internet can easily understand this truth if they choose to. Any claim of not understanding is a bot or a lie by a person using life to argue that this truth is always true and as such contradicting any point that life may not be truthfully most important. So, if you want to prove to us all that you have no soul, just speak for life and dismiss this truth that was freely shared with you all. This goes for the staff here too. Do you all agree this truth is correct and the reason you work on security or is there another more important reason and what is that reason? Thank you. You are all Truthfully Most Important. That's non-negotiable. It's always true.

1. David Wishengrad May 15, 2021
That was my first comment here. I forget to stop and fix typos and fix some grammar. I was just saying people, I do appreciate knowing about security flaws and what is going on. It protects life. I don't appreciate it when people use life causes to promote something that is wrong. It happens. We all make mistakes. Our lives are moved into a completely new place once we are told the truth "Life is Most Important in Life". No one can honestly say they were not told, that were. No one can present a higher truth or equal truth that is shared in common that contradicts this truth. So, they can't honestly say they know or understand better. Where is that 'other' truth? Show me it without using life in contradiction. So, no, they did not have better. Again, any claim by a person to not understand is a lie. You have all been freely handed the cure for all needless and preventable suffering and death today on a public security board. And you have been forced to choose to lose or keep your soul in regard to life. To do the soulless action or the responsible action. You can't ever get kut of getting told better. This really it is and it's completely real and some religious nonsense.
All you have to do is affirm this truth in a responsible public fashion going forward. Any person claiming to represent life's truthful interests who dismisses it loses their very soul on the spot. Let's get those who are really out to do evil out in the open. Let them publicly throw themselves against this truth in full witness of their peers and show us all again and again that they have no soul. That will make life much better for all of us and will enable much better electronic security to protect life. It's free and easy. The instructions for use are the very words themselves. It's not at all complicated, but if you like complexity, there is also enough there to keep you real busy with discovery. Perfect Equality Among Celestial Entities

1. David Wishengrad May 15, 2021
Sigh, I tried. It's hard for an older guy on a cell. To do the soulless action or the responsible action. You can't ever get OUT of getting told better. This really is it and it's completely real and NOT some religious nonsense. Thank you for your understanding.

2. Paul Dodd May 15, 2021
Sorry, no. "important" and "evil" are words without absolute meaning, especially in the way that you are using them. What you do with the life you are given is something to consider. According to your script you will never achieve death. Anyone can be forgiven.

3. rassalas May 15, 2021
Sorry, hospitals are only involved in the business of making money, unfortunately they have to experiment on real humans in order to do so. It took a pandemic to highlight how little the doctors actually do to earn their McMansions and drive around in their Bugattis.

20. Michael P. O'Hara May 15, 2021
About time the feds took the gloves off. Which I have no issue with. They will hopefully start to go Beast Mode and start attacking cybercriminals as soon as their servers are detected online.
Your corporate taxes help fund all federal orgs - including the pretty damned good offensive teams at the NSA, CIA, etc. Hunting down and destroying these rings should become the de facto policy of US security orgs... ransomware is only the newest weapon cybercrime's using against orgs/companies. What's next? And why give them the chance to blast another agency/company? Pres. Biden - I voted for you. Drop the sledgehammer on these clowns. The arms race needs to be won. Now.

1. Paul Dodd May 15, 2021
Still need to act within the law/constitution. Cybercriminals usually are in another country: the FBI has no jurisdiction, except AFTER an attack. Perhaps companies with critical infrastructure could be fined for not having good security. This would not be that difficult for the FBI to test. A "great firewall" as in China could also help, but it's probably politically a no-go.

21. V. Black May 15, 2021
There are so many pieces missing from this puzzle. If they were shut down by an official actor, then why has no one taken credit? "Hit us and we'll take you out of business" is surely the greatest deterrent there is? The thought that sends shivers down my back is what if this was done by another cybercriminal group that was getting fed up with ransomware generating so much publicity, and thereby awareness of cybersecurity issues? People have a tendency to think that if all is quiet, then all is well, which surely plays right into the hands of groups like Hafnium and such. "All is quiet on the west front."

22. Matt May 15, 2021
We need a strong leader in office, like previous administration, that would go after these ransomware gangs bigly. No one trusts clueless China Biden to do the right thing. I believe this group packed up and is just lying low.

23. Craven moorehead May 15, 2021
The no brainer for president was Trump and his lawlessness, his whole cabinet should be locked up starting with Bill Barr!!

24. Randy May 15, 2021
Uhmm, President Trump lost the popular vote by 3 million!

25. Michael Wiseman May 15, 2021
And the comments quickly devolve into a political rant, as expected. Why people don't keep on topic is beyond me. Evidently, there is no honor amongst thieves and one of their own wiped them out. Kind of like when my ex's 2nd husband stole my money from her. If we want to punish Russia, just cut them off from the internet.

1. JamminJ May 15, 2021
Yeah. Just call up the CEO of the Internet.

26. John May 15, 2021
Blockchain miners are scammers as well! They got $3000 of my money! They keep telling me to make this last payment to get my profit. So I make a payment for the fees and they come up with more fees never to pay me my profit!! They mined $500 and have now charged $2500 in fees never to pay me!

27. MikeW May 15, 2021
It seems the Russians know how to, and are willing to with fervor, deal with extortionists within their country. When will we get the will and the capability?

28. MikeW May 15, 2021
Will any of the seized Bitcoin and other assets be returned to Colonial to offset their $5 million extortion payment so that their stockholders don't have to eat it?

29. J.D. May 15, 2021
They are a European group from many countries from what I read.