Cybercriminals have created operations that can rival major firms
DarkSide, the emerging platform for cyber criminals worldwide: Ransom notes have gotten a lot more sophisticated in recent years, with “ransomware-as-a-service” businesses — subscription-based services that let users deploy pre-existing ransomware software to execute attacks — making online extortion available to a wider network of would-be criminals. One such platform, DarkSide, garnered attention after it facilitated a recent cyberattack on the US’s Colonial Pipeline, forcing its closure and halting the delivery of almost half of the US East Coast’s fuel supply. DarkSide claimed responsibility for the Colonial Pipeline hacking, and even issued a press release saying that they “regret creating problems,” and that the attack had no geopolitical motivations but only aimed at making money, reports The Financial Times.
And make money they did. DarkSide was paid a USD 4.4 mn ransom to provide a decryption key and delete all stolen data, Colonial Pipeline’s CEO told The Wall Street Journal, saying it was the right thing to do for the country.
So how does the platform work? DarkSide has put a system in place for hackers to perform cyber attacks on companies, acting as a facilitator for reaching out to the firm, asking for a ransom, and ensuring the payment reaches the cyber criminal. DarkSide recruits its talent on the dark web, where CVs and references are solicited, writes The FT. Once the cyber criminal platform successfully attacks a firm, it uses the method of double extortion, demanding separate sums for a digital key needed to unlock any files and servers, and a separate ransom in exchange for a promise to destroy any data stolen from the victim, according to KrebsOnSecurity. If the ransom is not paid, DarkSide will publish all the data and store it on its content delivery network for at least six months, as well as send notifications of the leak to media, partners, and customers.
Cue the ethical hacker manifesto: Following the Colonial Pipeline attack, DarkSide has said it would “check each company that our partners want to encrypt to avoid social consequences in the future.” Based “on their principles”, the platform has also forbidden affiliates from dropping ransomware on organizations in industries including healthcare, funeral services, education, the public sector and non-profits, according to screenshots obtained by the BBC. If that doesn’t sound insane enough, DarkSide has also said that it only attacks companies that can pay the requested amount, explaining that they analyze targets’ finances before the hack as they “do not want to kill your business”. If hacked firms have any questions, they can ask DarkSide’s customer support, which will help them pay the ransom.
DarkSide has attacked at least three more companies since the Colonial Pipeline incident. The platform announced three more hacks on global firms on the dark web, but none of them appear to be involved in critical infrastructure, writes CNBC. The hacked companies are a US technology services reseller, a Brazilian renewable energy products reseller, and a Scottish construction firm, but CNBC did not reveal the names or the amount of ransom asked for. UK firm One Call Insurance has also fallen victim to a DarkSide attack, with the Doncaster Free Press writing that a ransom of GBP 15 mn is being requested. The news has not made it into any larger media organizations.
How to save your own firm: We’ve all seen the misspelt scam emails, the clumsy phishing attacks, and the pop-up virus threats. DarkSide and its partners, however, require more effort to stay safe from than just being careful where you click. The US’s Cybersecurity and Infrastructure Security Agency released guidelines on the best practices for preventing business disruption from ransomware attacks following the DarkSide hacking. The guidelines include requiring multi-factor authentication, setting up antivirus and antimalware programs to conduct regular scans, and limiting access to resources over networks, among many other mitigation measures.