Darkside Response: Starting to Make Sense Now
This Gang's Feeling Like 'Oh No We Woke the Sleeping Giant'


Rise of DarkSide: Ransomware Victims Have Been Surging
Crime Syndicate's Big Game Hunting and Advanced Extortion Risk Becoming Commonplace
For anyone wondering how a Russian-speaking, ransomware-wielding crime syndicate was able to disrupt a major U.S. fuel pipeline, a more pertinent question might be: Why didn’t it happen sooner?

The DarkSide operation first appeared in August 2020 with a clear MO: to take down big targets in pursuit of massive ransom payoffs. Information security experts call this strategy big game hunting.
Unless something is done to disrupt this criminal business model, what seems audacious today risks becoming even more commonplace tomorrow.

Unfortunately, extortionists pursuing this strategy have not only been disrupting large organizations but have also seen many of them pay ransoms, yielding massive profits. (Colonial Pipeline just paid $5 million.)

'We Do Not Want to Kill Your Business'

For a relative newcomer, DarkSide has already left a big impression. The operation announced its debut on cybercrime forums on Aug. 10, 2020, saying that "we are a new product on the market, but that does not mean that we have no experience and we came from nowhere." Threat intelligence firm Flashpoint says the group's first known attack also occurred the same day.

At the time, the gang promised that it would not attack any organizations in the medical, healthcare, nonprofit or government sectors. "We only attack companies that can pay the requested amount, we do not want to kill your business," the gang claimed. (Watch out, retailers.)

In November 2020, on Russian-language cybercrime forums, gang member "darksupp" began to advertise for two types of affiliates for what was becoming a ransomware-as-a-service operation: initial access brokers able to hack into targets and attackers able to use already obtained access to deploy ransomware, security firms say.

Ransomware-as-a-Service Model

Most ransomware-wielding gangs today operate via this type of ransomware-as-a-service model, in which operators develop the malware and infrastructure, including payment portals for victims, and provide this as a service to affiliates, who infect victims. Such specialization has helped ransomware operators increase their profits, especially as they recruit more technical specialists to the operation and sign up more technically advanced affiliates. Whenever a victim pays, the operator and affiliate share the profits.

careersinfosecurity.com

 


