18 May 21, 11:24
Quote: For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business.
Late on Thursday night came a post to the “Exploit” underground forum that looked, at least, to be from DarkSide. It described how the gang’s blog, payment processing and denial-of-service (DoS) servers had been seized.
Fast-forward three days, and it sure doesn’t look like DarkSide is dead in the water. Friday’s statement has reportedly been deleted. According to the security intelligence firm Flashpoint, some members of the underground forum questioned whether the post might have been a fake.
DarkSide has been in the headlines non-stop since it crippled operations at Colonial Pipeline Co. 10 days ago, spiking gas prices and sparking a rush to stockpile.
The group extorted around $5 million in that incident, in return for which it sent the major fuel-supplying company a decryption tool that reportedly could barely limp through the process of unlocking files. A day before “DarkSide” – or whoever it was – put up the “lost-our-servers” post, President Joe Biden said in an executive order that the U.S. plans to disrupt the ransomware network.
Read more: DarkSide Hits Toshiba; XSS Forum Bans Ransomware | Threatpost