Back to the complete issue
Thursday, 3 June 2021

Cybercriminals have created operations that can rival major firms

DarkSide, the emerging platform for cyber criminals worldwide: Ransom notes have gotten a lot more sophisticated in recent years, with “ransomware-as-a-service” businesses — subscription based services that allow users to use preexisting ransomware software to execute attacks — making online extortion available to a wider network of would-be criminals. One such platform, DarkSide, garnered attention after it facilitated a recent cyberattack on the US’ Colonial Pipeline, forcing its closure and halting the delivery of almost half of the US East Coast’s fuel supply. Darkside claimed responsibility for the Colonial Pipeline hacking, and even issued a press release saying that they “regret creating problems,” and that the attack had no geopolitical motivations but only aimed at making money, reports The Financial Times.

And make money they did. DarkSide was paid a USD 4.4 mn ransom to provide a decryption key and delete all stolen sata, Colonial Pipeline’s CEO told The Wall Street Journal, saying it was the right thing to do for the country.

So how does the platform work? DarkSide has put a system in place for hackers to perform cyber attacks on companies, acting as a facilitator for reaching out and asking for a ransom from the firm and ensuring the payment reaches the cyber criminal. DarkSide gets its talent from on the dark web, where CVs and references are solicited, writes The FT. Once the cyber criminal platform successfully attacks a firm, they use the method of double extortion to demand separate sums for both a digital key needed to unlock any files and servers, and a separate ransom in exchange for a promise to destroy any data stolen from the victim, according to KrebsonSecurity. If the ransom is not paid, DarkSide will publish all the data and store it on their content delivery network for at least six months as well as send notifications of the leak to media, partners, and customers.

Cue the ethical hacker manifesto: Following the Colonial Pipeline attack, DarkSide has said it would “check each company that our partners want to encrypt to avoid social consequences in the future.” Based “on their principles”, the platform has also forbidden affiliates from dropping ransomware on organizations in industries including healthcare, funeral services, education, public sector and non-profits, according to screenshots obtained by BBC. If that doesn’t sound insane enough, Darkside has also said that it only attacks companies that can pay the requested amount, explaining that they analyze targets’ finances before the hack as they “do not want to kill your business”. If hacked firms have any questions, they can ask DarkSide’s customer support that will help you pay the ransom.

DarkSide has attacked at least three more companies since the Colonial Pipeline incident. The platform announced three more hacks on global firms on the dark web, but none appear to engage in critical infrastructure, writes CNBC. The hacked companies are a US technology services reseller, a Brazilian renewable energy products reseller, and a Scottish construction firm, but CNBC did not reveal the names or the amount of ransom asked for. UK firm One Call Insurance has also fallen victim to a DarkSide attack, with Doncaster Free Press writing that a ransom of GBP 15 mn is being requested. The news has not made it into any larger media organizations.

How to save your own firm: We’ve all seen the misspelt scam emails, the clumsy phishing attacks, and pop up virus threats, however, DarkSide and its partners require more effort to stay safe than just being careful where you click. The US’s Cybersecurity and Infrastructure Security Agency released guidelines on the best practices for preventing business disruption from ransomware attacks following the DarkSide hacking. The guidelines include requiring multi-factor authentication, setting up antivirus and antimalware programs to conduct regular scans, and limiting access to resources over networks, among many other mitigation measures.

Enterprise is a daily publication of Enterprise Ventures LLC, an Egyptian limited liability company (commercial register 83594), and a subsidiary of Inktank Communications. Summaries are intended for guidance only and are provided on an as-is basis; kindly refer to the source article in its original language prior to undertaking any action. Neither Enterprise Ventures nor its staff assume any responsibility or liability for the accuracy of the information contained in this publication, whether in the form of summaries or analysis. © 2022 Enterprise Ventures LLC.

Enterprise is available without charge thanks to the generous support of HSBC Egypt (tax ID: 204-901-715), the leading corporate and retail lender in Egypt; EFG Hermes (tax ID: 200-178-385), the leading financial services corporation in frontier emerging markets; SODIC (tax ID: 212-168-002), a leading Egyptian real estate developer; SomaBay (tax ID: 204-903-300), our Red Sea holiday partner; Infinity (tax ID: 474-939-359), the ultimate way to power cities, industries, and homes directly from nature right here in Egypt; CIRA (tax ID: 200-069-608), the leading providers of K-12 and higher level education in Egypt; Orascom Construction (tax ID: 229-988-806), the leading construction and engineering company building infrastructure in Egypt and abroad; Moharram & Partners (tax ID: 616-112-459), the leading public policy and government affairs partner; Palm Hills Developments (tax ID: 432-737-014), a leading developer of commercial and residential properties; Mashreq (tax ID: 204-898-862), the MENA region’s leading homegrown personal and digital bank; Industrial Development Group (IDG) (tax ID:266-965-253), the leading builder of industrial parks in Egypt; Hassan Allam Properties (tax ID:  553-096-567), one of Egypt’s most prominent and leading builders; and Saleh, Barsoum & Abdel Aziz (tax ID: 220-002-827), the leading audit, tax and accounting firm in Egypt.