The hacker group blamed for this weekend’s ransomware attack on the Colonial oil pipeline insisted it only wanted to make money and lamented “creating problems for society.”
In a statement released Monday, the criminal group known as DarkSide said it was “apolitical” and tried to shift the blame for the attack onto “partners” who had used its ransomware technology.
The FBI named DarkSide on Monday as the perpetrator of a huge hack that has taken a key US oil pipeline offline for three days, threatening to raise fuel prices and forcing the U.S. government to put in place emergency powers to keep supply flowing.
“The FBI confirms that DarkSide ransomware is responsible for compromising Colonial Pipeline networks,” the agency said in a statement. “We continue to work with the company and our government partners in the investigation.”
Ransomware attacks involve hackers taking control of an organization’s data or software systems and locking owners out by encrypting them until a payment is made.
“Our goal is to make money and not create problems for society,” DarkSide said, adding that “it would check every company our partners want to encrypt to avoid social consequences in the future.”
DarkSide emerged as one of the most important ransomware teams last August and is believed to be run from Russia by an experienced team of online criminals. Silicon Valley-based cybersecurity company CrowdStrike has traced the origins of DarkSide to the criminal hacking group known as Carbon Spider, which “drastically revised its operations” last year to focus on the rapidly growing ransomware field.
“We’re a new product on the market, but that doesn’t mean we don’t have experience and come from nowhere,” DarkSide said earlier.
Brett Callow, an analyst at cybersecurity group Emsisoft, said: “DarkSide does not eat in Russia. It checks the language used by the system and, if it is Russian, it will stop working without encrypting.”
He added that the group rented out its services on the dark web. “DarkSide is a ransomware-as-a-service operation. I guess the attack on Colonial was carried out by an affiliate and the group is worried about the level of attention it has attracted.”
As a sign of how ransomware has become a professional industry, DarkSide operates its own “press office” and claims to have an ethical approach to choosing its targets. The DarkSide website states that “based on our principles,” it will refrain from attacking medical institutions such as hospitals, care homes, and vaccine developers; funeral service providers; schools and universities; governmental and non-profit organizations.
This contrasts with the rest of the ransomware industry, for which healthcare providers and the public sector are among the most important targets. Colonial Pipeline is a private company owned by investors including Shell, KKR and Koch Capital.
Computer security firm Kaspersky said DarkSide aimed to “generate as much online buzz as possible.”
“More media attention could lead to a more widespread fear of DarkSide, which could mean a greater likelihood that the next victim will decide to pay instead of causing problems,” Kaspersky researcher Roman Dedenok said in a blog post.
Its previous targets include the Brookfield real estate group; Discountcar.com, a Canadian subsidiary of the car rental group Enterprise; and CompuCom, a computer support provider based in the United States and owned by the parent company of Office Depot.
Arete, which provides incident response services to victims of cybercrime, has found that DarkSide most commonly targets professional services companies and manufacturers, with ransom demands ranging from $3 million to $10 million, although security news site Bleeping Computer has found evidence of ransoms in the hundreds of thousands of dollars as well.
In an email interview with the security blog DataBreaches.net, a DarkSide representative who called himself “DarkSupp” said the team investigated how much a target could pay (e.g., by looking at its insurance coverage) before deciding how much ransom to demand.
“We only attack companies that can pay the requested amount,” DarkSide said earlier. “We don’t want to kill your business.”
According to screenshots from a victim posted by Bleeping Computer, DarkSide sends each target a clear list of instructions titled “Welcome to Dark.” Specific details and samples of the stolen data are presented and victims are warned that the data will be automatically posted online for at least six months if they refuse to pay. This technique of locking victims out of their systems and threatening them with embarrassment by making stolen data public is known as “double extortion”.
DarkSide hackers also try to reassure their victims that they will play by their own rules, saying, “We value our reputation. If we don’t do our job and responsibility, no one will pay us.” It even offers technical assistance, “in case of problems” using the decryption tool that its victims receive when they pay.
Ransomware attacks rose 62 percent last year, according to firewall developer SonicWall, including more than 200 million hits in the United States. This was partly driven by the pandemic, as companies forced to leave the office faced the task of securing their remote employees, as well as by the rise of bitcoin, through which many hackers demand payment. A recent survey by insurance group Hiscox found that more than half of ransomware victims pay.
Additional reporting by James Politi in Washington