Recorded Future, the security firm, said in a post that the allegedly Russia-based Darkside had admitted in a web post that it lost access to certain servers used for its web blog and for payments.
Accessed via TOR on the dark web, the Darkside site address showed a notice saying it could not be found.
Recorded Future threat intelligence analyst Dmitry Smilyanets said he found a Russian language comment on a ransomware website ostensibly from "Darksupp", described as the operator of Darkside.
"A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers," Darksupp wrote.
"The Darkside operator also reported that cryptocurrency funds were also withdrawn from the gang's payment server, which was hosting ransom payments made by victims," said Recorded Future.
While there was no evidence of who might have forced down Darkside's website, the twitter account of a US military cyber warfare group, the 780th Military Intelligence Brigade, retweeted the Recorded Future report on Friday.
Darkside, which only surfaced online late last year, was behind the attack on Colonial Pipeline that forced the shutdown of its network shipping gasoline, diesel and aviation fuel across much of the eastern half of the United States.