DarkSide, Hacking Group Linked to Colonial Pipeline Attack, Says It Is Closing


The criminal group linked to a cyberattack that disrupted gasoline delivery across parts of the southeastern U.S. this week has told hacking associates that it is shutting down, according to security research firms.

A website operated by ransomware group DarkSide, which U.S. officials have said is believed to originate in Eastern Europe, has been down since Thursday.

DarkSide has told associates it has lost access to the infrastructure it uses to run its operation and would be shutting down, citing pressure from law enforcement and from the U.S., according to security firms FireEye and Intel 471. DarkSide didn’t respond to requests for comment earlier in the week made through its web site before it was shut down.

It is not uncommon for ransomware groups such as DarkSide to disband, only to pop up later under a different name. It couldn’t be determined if the U.S. had any role in DarkSide’s claimed disruption or if the disruption was authentic. The FBI and the Justice Department didn’t immediately respond to requests for comment.

Long lines formed at gas stations along the East Coast on Tuesday, as drivers made a run on gasoline amid fears of shortages due to the shutdown of the U.S.’s largest fuel pipeline following a cyberattack. Photo: Robin Rayne/ZUMA

Colonial Pipeline Co., the operator of a critical gasoline pipeline to the Eastern U.S., became DarkSide’s latest victim this week and paid close to $5 million to the hackers, according to people familiar with the matter. The company shut down the pipeline May 7 and restarted it Wednesday.

President Biden on Thursday said his administration was “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks” and would “pursue a measure to disrupt their ability to operate,” though he didn’t elaborate. Asked if he would rule out whether the U.S. would respond with cyber operations, Mr. Biden replied “no.”

Mr. Biden also said he expected to speak to Russian President Vladimir Putin soon about the country tolerating criminal hacking enterprises within its borders. Cybersecurity experts and U.S. officials have said that has allowed international cybercrime originating from Russia to flourish unhindered for years.

In less than a year, DarkSide had gone from a relative unknown in the growing criminal enterprise of ransomware to one of the biggest and most consequential operators, security researchers say. The group has grown by recruiting “affiliates”—hackers who will penetrate online networks of businesses or public institutions—with whom it works to disrupt operations. The group splits the ransom money with such affiliates, taking a percentage of the funds, security researchers say.

DarkSide’s criminal efforts brought in at least $60 million in the first seven months of operation, with $46 million of it coming in the first quarter of 2021, according to blockchain research firm Chainalysis Inc. Because Chainalysis has an incomplete picture of all of DarkSide’s activities, the ransomware gang’s total haul was likely larger, the company said.

The Colonial pipeline hack marked another major financial score for DarkSide, albeit one that drew significant scrutiny and would have made it difficult to collect payments, according to security researchers.

On Monday, the group issued a brief statement on its website saying it was apolitical and would take greater steps to moderate which targets it hit in the future. “Our goal is to make money and not creating problems for society,” the group wrote on its website.

“I wouldn’t be surprised if DarkSide has just said, ‘It is way too hot,’ and they decided to pull the pin on themselves,” said Winston Krone, the chief research officer with Kivu Consulting, Inc., a company that helps victims respond to ransomware incidents.

The shutdown may create challenges for companies who are trying to recover from an infection of the DarkSide ransomware. DarkSide encrypts the contents of victims’ computers, making them unusable. But the hackers are promising to provide decryption software at some time in the future, according to their statement.

Ransomware is part of an emerging and profitable criminal business that generated more than $400 million in income in 2020, according to Chainalysis. Hacking groups like DarkSide have reinvented the process through which criminal networks extort victims. Security researchers call their work ransomware-as-a-service. They make their money by offering customers—criminal hackers—a way to deploy their illegal software and extort victims via a well-designed web interface.

The affiliates are the ones who break into corporate networks, and they get most of the ransom payments—usually around 75%, according to FireEye. DarkSide writes the software, bills the victims, hosts stolen data, and even handles tech support and media relations, researchers say.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
