May 14, 2021 12:54 PM PDT
Ransomware gangs disrupted by response to Colonial Pipeline hack
Joseph Menn
SAN FRANCISCO, May 14 (Reuters) - Multiple ransomware groups claimed they were shutting down or scaling back operations on Friday as the U.S. government ramped up pressure while tech companies, cryptocurrency exchanges and others worried about getting caught in the crossfire.
DarkSide, the Russian-speaking gang blamed by the FBI for a hacking attack that led to a six-day fuel pipeline shutdown, said it was going out of business after losing access to some of its servers.
Another major criminal gang said it would forbid encryption attacks on critical infrastructure, and forums where such gangs recruit partners said they were banning ads related to ransomware, analysts said.
U.S. President Joe Biden repeatedly warned the gangs and major host country Russia about consequences for a ransomware attack that prompted Colonial Pipeline to shut down the main supply line to the East Coast. That line was resuming full operation, but many pumps remain empty at stations in some states after days of panic buying.
Investigators said DarkSide provided the encryption software that a criminal affiliate used to render Colonial’s internal files inaccessible. It planned to split any ransom to recover that data with the affiliate, who the investigators have identified as another Russian criminal.
DarkSide claimed that some of its money had been transferred to new electronic wallets, though rivals and some U.S. experts warned the group could be using the uproar as an excuse to cash out. Ransomware gangs commonly change names and membership.
It was not immediately clear whether the professed retreat was due to U.S. diplomatic pressure, legal demands on technology providers or even government-backed hacking.
The FBI, Justice Department and White House National Security Council all declined to comment.
"Ransomware criminals are clearly getting nervous with all the heat coming down from U.S. government and industry," said Dmitri Alperovitch, who co-founded security provider CrowdStrike before starting thinktank Silverado Policy Accelerator.
If the retreat continues, it would reverse a trend in the past two years of the gangs targeting more vital companies that are likely to pay to resume operations, or that have insurance coverage that will pay for them.
"Many will likely try to lie low for a few months in hopes that it will pass," Alperovitch said. "The key will be to keep up the pressure on both the criminal gangs themselves as well as the states like Russia that offer them safe haven from prosecution."
Earlier this year, U.S. authorities cited the ransomware surge as a national security threat and noted some overlaps with foreign government interests.
The Justice Department established a ransomware task force, and a public-private study panel issued recommendations including greater regulation of cryptocurrency.
Reporting by Joseph Menn; Editing by David Gregorio