The criminal enterprise that's responsible for the long gas lines in the southeastern US has logged off, saying it lost access to the infrastructure it needs to run its operation. "Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account," says a message from the DarkSide hackers posted in a cybercrime forum. The post is labeled "DarkSide Closed," Krebs on Security reports. Much like other outlaw gangs, the members of ransomware groups sometimes scatter with their loot, drop off the grid, then resurface later under a different name. It wasn't clear if the federal government had a role in the development, per the Wall Street Journal, or whether the DarkSide account is accurate. A message to ransomware allies cited "pressure from the US," per the Washington Post. The website went dark Thursday.
DarkSide's announcement said decryption tools were being made available to companies facing ransom demands that haven't paid. That's too late for Colonial Pipeline, which paid nearly $5 million to be able to restore its service. Parts of DarkSide's message seemed to come from REvil, a ransomware platform, which said it's putting limits on its use by others. Ransom attacks on health care and educational institutions, as well as government sites, won't be allowed, it said. Some experts suspect there was so much attention on ransomware attacks—as DarkSide's message suggested—that the operators decided to disappear. A former Obama administration official said it seems unlikely that it was the government that brought DarkSide down, largely because it happened so quickly. (Ireland reported a cyberattack Friday.)