By Raphael Satter
WASHINGTON (Reuters) – Two more ransomware operators appear to have disappeared from the web, a cybersecurity researcher said on Sunday, in another potential aftershock following this month’s hack of U.S. fuel transport company Colonial Pipeline.
The sites, run by groups dubbed “AKO” and “Everest”, appear to have become unreachable over the weekend, according to Allan Liska, a researcher with cybersecurity firm Recorded Future.
And while hackers‘ websites can often be unstable “it’s unusual to see two of the bigger names go down for 24 hours,” Liska told Reuters. “That makes me think it’s a conscious choice to take their site offline.”
The move follows the disappearance of the DarkSide digital extortion gang, the group blamed for paralyzing the country’s largest fuel pipeline network and sending a wave of panic-buying up and down the East Coast.
The company’s pipeline restarted on Thursday after being shut for nearly a week.
Other ransomware groups – who make money by scrambling companies data and demanding hefty payments in digital currency to unlock it – have said they were shutting down or scaling back operations as the U.S. government ramped up pressure. Groups such as “Avaddon” and “REvil,” for example, have said they would be steering clear of government, nonprofit, or healthcare sectors.
It remains unclear whether the retreat is due to U.S. diplomatic pressure, legal demands on technology providers or even government-backed hacking. The FBI did not immediately return a message seeking comment on the disappearance of the ransomware operators’ websites.
Liska said previous declarations by ransomware gangs that certain targets were off-limits in the early days of the coronavirus pandemic did not last long.
“We’ve seen this song-and-dance before,” Liska said. “It remains to be seen whether this is something they’re going to follow through on or whether they’re putting out releases to get good press.”
(Reporting by Raphael Satter; Editing by Daniel Wallis)