The malicious hacker group DarkSide, which hijacked a major US oil pipeline with a ransomware attack, withdrew most of its Bitcoins before the alleged seizure of its wallets and servers.
Specifically, according to reports, DarkSide would have lost access to the servers of its affiliate program and with this its Bitcoins.
As is known, the attack severely affected fuel distribution on the east coast of the United States. And the hackers asked for an amount in Monero (XMR) or in Bitcoin (BTC).
For its part, the Federal Bureau of Investigation (FBI) said that it was a ransomware, through which the DarkSide hacker group blocked access to the company’s computers. And he asked for money to free them.
Most importantly, on previous occasions, the FBI has advised companies that are victims of ransomware, not to pay rewards to hackers. Because they could encourage more attacks.
DarkSide withdrew most of its Bitcoins before the seizure
However, the Elliptic firm assures that DarkSide would have withdrawn a large part of the payments it received for the Colonial Pipeline Co company, before the alleged confiscation.
To recall, as reported by The Wall Street Journal, the pipeline operator would have paid about $ 5 million in BTC to hackers, to get rid of the ransomware.
Likewise, DarkSide would have announced on the Internet that it had lost access to its servers and its Bitcoins that were hosted on it: «A few hours ago, we lost access to the public part of our infrastructure».
«Servers were seized. The advertisers and founders money was transferred to an unknown account».
All this after President Joe Biden said that the United States plans to disrupt the hackers behind the Colonial Pipeline cyberattack.
«We have been in direct communication with Moscow on the imperative that responsible countries take decisive action against these ransomware networks. We will also seek a measure to disrupt your ability to operate.».
According to Dmitry Smilyanets, security expert, DarkSide acknowledged in forums and other publications on the Internet, having lost access to its server infrastructure.
They identify the wallet address
For this purpose, the analysis firm Blockchain Elliptic, identified the address of the wallet, in which the DarkSide received the payment from Colonial Pipeline.
In total, it was 75 BTC that DarkSide received from the Colonial Pipeline company, on May 8, 2021. After the paralyzing cyberattack in its operations, which caused a generalized shortage of fuel in the United States.
In addition, the wallet had received 57 payments from 21 different wallets. Some of which coincide with ransomware cases, where victims are known to have paid.
Also, Elliptic claims that all the Colonial Pipeline’s BTC could not have been seized by the authorities. Well, they were moved in another direction under the control of hackers. Elliptic has not disclosed the Bitcoin addresses in question.
In fact, the firm Intel471 thinks that the severity of the attack on the US pipeline could be too much pressure even for anonymous hackers.
«Traders will have to find new ways to launder the cryptocurrencies they get from extortion (ransoms)».
Finally, according to Intel471: «There is no guarantee that they will regroup and resume cybercrime operations at some point».
I retire with this phrase from Todd Fitzgerald: «Only after users have been fooled, will they really pay attention to training».