The cyber-criminal gang DarkSide, which allegedly disbanded after carrying out the Colonial Pipeline ransomware attack, may not stay dark for long, according to a report by CNBC.
Key government cybersecurity and counterintelligence officials told the news source that if the gang has actually stopped operating, it could soon be back to its old and highly lucrative tricks under a different alias.
Research published last week by London-based blockchain analytics firm Elliptic appears to show that DarkSide extorted more than $90m in Bitcoin before supposedly halting its illegal activities.
Federal experts also warned that certain countries were turning a blind eye to the cyber-criminal activity emanating from within their borders.
In an interview with CNBC's Eamon Javers on Wednesday, Assistant Attorney General of the Department of Justice’s National Security Division John Demers said that the Colonial Pipeline attack highlighted the issue of "nation-states serving as safe havens for criminal cyber-actors."
Demers said that "nation-states aren’t doing their part to investigate and root out hacking activity happening within their borders." He went on to suggest that DarkSide, far from going dark, could be "just off renaming themselves."
“Groups like that will come back,” he added. “Probably DarkSide itself, those actors that comprise that group, will be back if they’re not already out there in other forms operating as we’re talking.”
Acting Director of the National Counterintelligence and Security Center Michael Orlando concurred with Demers' viewpoint.
Speaking in the same interview, Orlando said: "We do know that countries like Russia and China, Iran and others certainly create safe havens for criminal hackers as long as they don’t conduct attacks against them.
"But that’s a challenge for us that we’re going to have to work through as we figure out how to counter ransomware attacks."
KnowBe4's James McQuiggan told Infosecurity Magazine: "With the recent DarkSide group going dark after what appears to be a loss of their electronic infrastructure, it seems they are working on regrouping their efforts."
He added: “Individually, cyber-criminals still need to live and make money, so they take their skills and expertise to another group and give themselves a new name and start all over.”