Several ransomware groups claimed they were shutting down or scaling back operations on Friday as the U.S. government increased pressure as tech companies, cryptocurrency exchanges and others feared they were caught in the crossfire.
DarkSide, the Russian-speaking gang blamed by the FBI for a hacking attack that led to the shutdown of a fuel pipeline for six days, has said it is ceasing operations after losing access to some of its servers.
Another major criminal gang has said it will ban encryption attacks on critical infrastructure, and forums where these gangs recruit partners have said they ban ransomware-related ads, analysts have said.
US President Joe Biden has repeatedly warned gangs and the main host country, Russia, of the consequences of a ransomware attack that prompted Colonial Pipeline to shut down the main supply line to the East Coast. That line was back to full operation, but many pumps remain empty at stations in some states after days of panic shopping.
Investigators said DarkSide provided the encryption software used by a criminal affiliate to make Colonial’s internal files inaccessible. He planned to share any ransom to recover this data with the affiliate, who investigators identified as another Russian criminal.
DarkSide has claimed that some of its money has been transferred to new e-wallets, although rivals and some US pundits have warned the group may use the outcry as an excuse to cash in. Ransomware gangs usually change their names and membership.
It was not immediately clear whether the declared retirement was due to US diplomatic pressure, legal demands from tech vendors, or even government-backed hacking.
The FBI, the Justice Department and the White House National Security Council all declined to comment.
“Ransomware criminals are clearly getting nervous about all the heat coming from US government and industry,” said Dmitri Alperovitch, who co-founded security provider CrowdStrike before starting thinktank Silverado Policy Accelerator.
If this continues, the moves would reverse the trend of the past two years of gangs targeting more vital businesses that are likely to pay to resume operations, or have insurance coverage that will pay them.
“Many will probably try to stay low for a few months in the hopes that it will pass,” Alperovich said. “The key will be to keep the pressure on both the criminal gangs themselves and on states like Russia that offer them a safe haven from prosecution.”
Earlier this year, U.S. officials cited the ransomware surge as a threat to national security and noted some overlap with the interests of foreign governments.
The Justice Department created a ransomware task force, and a public-private study group made recommendations, including tighter cryptocurrency regulation.
(Reporting by Joseph Menn; Editing by David Gregorio)