Last Updated, May 9, 2021, 8:13 PM
Ransom group linked to Colonial Pipeline hack is new but experienced

WASHINGTON — The ransomware group linked to the extortion attempt that has snared fuel deliveries across the U.S. East Coast may be new, but that doesn’t mean its hackers are amateurs.

Who precisely is behind the disruptive intrusion into Colonial Pipeline hasn’t been made officially known and digital attribution can be tricky, especially early on in an investigation. A former U.S. official and two industry sources have told Reuters that the group DarkSide is among the suspects.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

“They’re very new but they’re very organized,” Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.

“It looks like someone who’s been there, done that.”

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.

“It’s as if someone turned on the switch,” said Div, who noted that more than 10 of his company’s customers have fought off break-in attempts from the group in the past few months.

Ransom software works by encrypting victims’ data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.

DarkSide’s site on the dark web hints at its hackers’ past crimes, claims they previously made millions from extortion, and says that just because their software was new “that does not mean that we have no experience and we came from nowhere.”

The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

Reuters was not immediately able to verify the group’s various claims but one of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc which publicly disclosed a digital shakedown attempt affecting “portions of its information technology systems” last month.

A Dixie executive did not immediately return a message seeking further comment.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists. Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

It also has a public relations program, as others do, inviting journalists to check out its haul of leaked data and claiming to make anonymous donations to charity. Even its tech savvy is nothing special, according to Georgia Tech computer science student Chuong Dong, who published an analysis of its programming (http://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware).

According to Dong, DarkSide’s code was “pretty standard ransomware.”

Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.

Typically “they know who is the manager, they know who they’re speaking with, they know where the money is, they know who is the decision maker,” said Div.

In that respect, Div said that the targeting of Colonial Pipeline, with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard, may have been a miscalculation.

“It’s not good for business for them when the U.S. government becomes involved, when the FBI becomes involved,” he said. “It’s the last thing they need.”

As for DarkSide, which usually isn’t shy about putting out press releases and promises registered journalists “fast replies within 24 hours,” the group has stayed uncharacteristically silent.

The reason is not clear. Requests for comment Reuters left via its main site and their media center have gone unanswered. (Reporting by Raphael Satter; editing by Grant McCool)
