UPDATED 15:00 EDT / MAY 14 2021

SECURITY

Report: DarkSide ransomware group says it will end operations

The DarkSide ransomware group tied to the high-profile breach at Colonial Pipeline Co. has said it’s winding down operations, according to a Wall Street Journal report today.

The Journal attributed the information to cybersecurity firms FireEye Inc. and Intel 471. According to the firms’ research, DarkSide informed affiliates earlier this week that it plans to close down after losing access to its technology infrastructure.

The group’s statements reportedly suggest that the infrastructure was seized by law enforcement agencies. DarkSide’s website is said to have been offline since Thursday.

According to cybersecurity experts, DarkSide is a ransomware-as-a-service group that sells ransomware tools to other hackers, who use them to launch cyberattack campaigns. DarkSide first emerged last year and has generated at least $60 million from hacking campaigns, according to Chainalysis Inc. data cited by the Journal.

The group became the subject of international attention last week after it launched a cyberattack against Colonial Pipeline, the operator of the largest pipeline system for refined oil products in the U.S. The company normally transports 45% of all fuel used on the East Coast. As a result of the hack, Colonial Pipeline was forced to shut down about 5,500 miles of pipeline, which has led to widespread fuel shortages.

It was reported on Thursday that the company had paid a nearly $5 million ransom to restore files encrypted in the attack. The ransom is believed to have been sent last Friday, the same day Colonial Pipeline first detected the breach. Shortly thereafter, DarkSide issued a statement saying that “from today we introduce moderation and check each company” that its affiliates target in hacking campaigns. 

Colonial Pipeline is not the only firm that has been hit by ransomware tied to DarkSide recently. On Thursday, BleepingComputer reported that Brenntag SE, one of the largest chemicals distributors in North America, paid a $4.4 million ransom to DarkSide after suffering a network compromise earlier this month.

Ransomware campaigns generated more than $400 million in income last year, according to Chainalysis, and attacks are only becoming more frequent. Just this morning, Ireland’s state health services provider disclosed that it has shut all its information technology systems and cancelled some medical appointments following a ransomware attack.

The U.S. is taking new steps to address the threat posed by such attacks. Earlier this week, a few days after the Colonial Pipeline hack became public, U.S. President Joe Biden signed an executive order to strengthen national cybersecurity defenses. In remarks delivered Thursday, Biden stated that the Justice Department has launched a task force dedicated to prosecuting ransomware hackers.
