Everything You Need to Know About the Colonial Pipeline DarkSide Ransomware Attack
This past weekend, news broke of a monumental ransomware attack that caused a major distribution disturbance to a US fuel pipeline that provides 45 percent of the East Coast’s gasoline, diesel and jet fuel.
The hackers behind the attack, the DarkSide Ransomware Gang, generally operate within a “Ransomware-as-a-Service” business model. In simple terms, this means that they lease their malicious code to cybercriminals who wish to extort ransoms from potential victims but lack the technical expertise to design their own proprietary malware.
DarkSide is only one of many outfits that sell code, and additionally, they engage in “Double Extortion” tactics that include both file encryption and threats to publish stolen data via a “dark web” leak site.
Generally, groups like DarkSide will provide victims with a ransom note and request payment in Bitcoin. If the payment request is ignored, the victim’s files will remain encrypted and inaccessible, and the group will publish sensitive files to attempt to shame the victim and compel them to pay up. Publication also serves as a tactic to intimidate future victims into believing that there will be a consequence for non-payment.
Although the group is based in Russia, it is not believed that the Kremlin authorized the attack in any way. In fact, in response to the widespread attention that the Colonial Pipeline attack received, the DarkSide group attempted to dispel fears regarding widespread infrastructure attacks in the future.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other motives [sic],” the group said on their data leak site. “Our goal is to make money, and not create problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
DarkSide generally only targets large corporations and does not allow its customers to employ ransomware against several industries that include education, healthcare, funeral services and nonprofits.
The Colonial hack happened just as the Justice Department begins a 120-day review of critical cybersecurity threats. This new comprehensive review, announced last week by newly confirmed Deputy Attorney General Lisa Monaco, will examine several cyber threats including the Chinese and Russian threats, cryptocurrency hacking attacks, and supply chain attacks like the Colonial and SolarWinds attacks.
“We are launching this week, under my direction, a review of how the department is looking at exactly this set of challenges,” Monaco proclaimed last week. “We want to bring forth actionable recommendations in a 120-day time frame on what we can be doing better, working with our partners across borders, to address these threats.”
Currently, the Cybersecurity and Infrastructure Security Agency (CISA), a subdivision of the Department of Homeland Security, is still awaiting confirmation of a new director. Jen Easterly, a former cybersecurity and counterterrorism official at the NSA, was nominated last month by Joe Biden. During her years at the NSA, America saw a surge in international hacks.
This was highlighted in the wake of the release of a secret map that displayed almost “600 corporate, private or government victims of Chinese Cyber Espionage” that were victimized during a 5-year period. The hacks reached “all sectors of the U.S. economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military,” according to reports.
The Colonial DarkSide attack is likely the beginning of more aggressive hacking from the Chinese and Russian cybercrime groups.
But we have learned this year that many of the new attacks aren’t limited to major corporations and government entities: there has been a huge surge in attacks against Mac users, who decades ago assumed that they were immune to hacks on their platform and who have now fallen victim to many new malware strains.
The world of cyber threats seems to only be getting more dangerous and wide-reaching. With the multitude of economic issues that America is facing, it is imperative for security agencies like CISA to perform at the highest possible level.
Written by Julio Rivera who is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Newsmax, Townhall, American Thinker and BizPacReview.