Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.
Crime, technology and society by Angus Bancroft
 
Cybercriminals are doing press releases
Research

Cybercriminals are doing press releases

… and unlike 99% of press releases these actually tell you something and are worth reading

DarkSide is a Russian based ransomware group which on May 7th 2021 shut down the East Coast US fuel pipeline network owned by Colonial Pipeline. The group’s ransomware was used to lock up the pipeline network with damaging consequences for economic activity in serval US states. DarkSide are the classic crime as a service (CaaS) outfit, renting their capacity to clients and offering service support to victims to make paying the ransom easier. CaaS is a business model where the crime group provides the tools to engage in ransomware attacks, such as the hacking and encryption system and cashing out services. Its clients take the risk and the group take a cut of the profit.

The attack was the culmination in a growing series of infrastructure attacks. They issued a statement clarifying that it is not involved with the Russian government. They were very keen to say they were motivated by money rather than politics:

’We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.

Our goal is to make money, and not creating problems for society.

From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences for the future’. 10/5/2021

The group seems keen to start at least appearing like it is limiting its operators to less ethically and politically charged targets. The Bleeping Computer article linked below shows the extent to which an international CaaS operator has to operate in a tricky geopolitcal climate. It attempted to shift its hosting operations to Iran in 2020. However that create a problem for it. The companies who would pay the ransom and the outfits that negotiate payments such as Coveware would then be guilty of violating US led sanctions against Iran. No profit! That may explain why they are so keen to distance themselves from the Russian government and to assert that they will limit their operations. The latter statement just reasserts a claim they made in 2020 however so there may be more chaff than anything else here. The outfit does have an interest in targeting organisations who can pay and so this seems like a fairly rational response to embarrassment caused by misbehaving clients and an attempt to protect its business model.

https://www.bleepingcomputer.com/news/security/darkside-ransomware-will-now-vet-targets-after-pipeline-cyberattack/

 

 

Cybercriminals are doing press releases / Dark matters by blogadmin is licensed under a Creative Commons Attribution CC BY 3.0
css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel