DarkSide has been named by the FBI as the responsible party for the cyberattack on the Colonial Pipeline Company. The attack has caused a pipeline shutdown and has already triggered state and regional emergency declarations as gas prices spike, station lines grow, and panic ensues mostly across the southeastern U.S. corridor. A number of sources suggest that Colonial Pipeline may have paid anywhere between four and five million dollars to get services up and running. Billionaire businessman John Catsimatidis told Fox Business’s Maria Bartiromo that “The payments have been made to the terrorists… I understand from my sources that $4 million was paid.” The figure of $5 million was quoted by two sources to Bloomberg News. It is believed that the ransom was paid in untraceable cryptocurrency, and in return, Colonial received a decrypting tool to restore the network.
Who Is DarkSide?
The group of professional, highly skilled hackers develops and sells tools to fellow cybercriminals. The organization’s ransomware was first detected in August of 2020, so the federal government and cybersecurity groups are still learning about DarkSide. Though DarkSide denies being tied to a foreign government, and none of the group’s targets have been in former Soviet countries, it seems after President Biden’s briefing Monday that the organization may have Russian ties. Biden stated that he would meet with Russia’s president, Vladimir Putin, to discuss the recent Colonial Pipeline attack. However, he also said that “so far there is no evidence based on, from our intelligence people, that Russia is involved, although there’s some evidence that the actors’ ransomware is in Russia.”
DarkSide created the malware and sells it to customers, though the organization claims it tells its customers to follow its “ethos.” This ethical guide includes avoiding targets such as hospitals, government agencies, schools, or nonprofit organizations. The group is transparent about its preferred targets: for-profit companies in English-speaking countries. DarkSide has also consistently presented itself as apolitical, with no association to any political movement or nation-state.
In painting itself as a sort of “Robin Hood,” the group claims to donate a percentage of any stolen or ransomed payments to charities. The organization’s transparency extends to the support it offers victims. With a help desk, mailing list, code of conduct, and phone number, DarkSide attempts to make each victim’s attack, crisis, and ransom payment as smooth as possible.
Cybersecurity experts, including Lior Div, chief executive of the security firm Cybereason, suspect the group is composed of veteran cybercriminals. Within DarkSide’s “first” active year, Cybereason has thwarted break-in attempts by the criminal group against ten of its customer companies. The ransom requests from the group have ranged from $200,000 to $2,000,000. Although the group is new, the members are not inexperienced. They have vocalized this on their site, claiming to have previously made millions through extortion and that their new malware, discovered in August and linked to the DarkSide name, is not an indicator of their history or experience.
DarkSide’s site also digitally showcases data and information from victims who have not paid their ransoms. The paraded documents and data are attributed to over 80 companies from Europe and the United States. This extortion tactic is very similar to other cybercriminal organizations the United States has faced recently, one being Babuk.
Babuk recently attacked the Metropolitan Police Department, stealing over 250 gigabytes of data. The stolen data included personal information about police officers, some of which has been publicized. The Metropolitan Police failed to meet the “financial standard” set by Babuk, and, in retaliation, the criminal organization released 22 personal files on officers. Negotiations are ongoing as Babuk has granted the Washington, D.C.-based police department 24 hours to raise its settlement price to avoid the release of all 250 gigabytes of data.
Babuk and DarkSide represent a sector of crime within the already complex and developing world of cybercrime. The extortion/ransom business may become an increasing criminal threat towards large corporations and governments around the world, as these two groups have shown just how impactful they can be.
Read more from Keelin Ferris.