Colonial Pipeline Ransomware Hack Says It Is Shutting Down Operations

The DarkSide announcement, which claimed the criminals “lost access to their infrastructure, including their blog, payment, and CDN servers and will be shutting down their operations,” was also seen by FireEye researchers. In a statement posted in Russian, the group said that an unnamed law enforcement agency disrupted parts of its infrastructure. According to Intel471, the group’s name-and-shame blog, ransom collection site, and breach data content delivery network (CDN) were all allegedly seized, and funds from their cryptocurrency wallets were allegedly exfiltrated. Intel471 says it has seen rival ransomware-as-a-service gangs go silent, but warns, like FireEye, that ransomware extortion attacks aren’t going anywhere anytime soon. Separately, a Chainalysis analysis of ransomware transactions found that 15% of all extortion payments carry a risk of sanctions violations in the United States. The ransomware used in the Colonial Pipeline attack, according to threat intelligence firm Flashpoint, is a variant of the notorious REvil ransomware, an assessment made with moderate confidence based on code analysis. The status of live, ongoing talks on ransomware payments and data decryption tools is another potential complication of a DarkSide shutdown. According to the firm, “a number of the operators will most likely operate in their own closed-knit communities, resurfacing under new names and revamped ransomware variants.” “A large number of cloud businesses are in contact with these [Darkside affiliates].”

May 14, 2021

In the past, cybercriminal groups have shut down activity in response to law enforcement action, only to reopen under a new name and with new online infrastructure.
According to a source monitoring the ransomware outbreak, “if they go dark, it might really hinder recovery efforts all over the world.” FireEye, on the other hand, states that it has not independently verified the claims and warns that it may be part of an “exit scam.” — FireEye (@FireEye) “It’s more likely that these ransomware creators are trying to escape the spotlight than that they are suddenly realizing their mistake.” The DarkSide ransomware-as-a-service infrastructure, as well as a name-and-shame site used by the criminal group to pressure victims during extortion talks, has gone offline, according to several threat hunters monitoring darkweb communications. Intel471, a security firm that monitors malicious activity on the dark web, claims to have obtained an “announcement” from DarkSide saying that it will “immediately cease operations” and provide data decryptors to all victims. Facing massive blowback from the US government and international law enforcement agencies, the DarkSide cybercrime gang appears to be shutting down operations. Intel471 claims that the operators will devise new methods for “washing” the cryptocurrency they take in from ransom payments. Colonial Pipeline paid a $5 million ransom to the DarkSide cybergang, according to news reports surrounding the alleged shutdown.
