
Colonial oil pipeline hackers say they regret “creating problems”


The hacker group accused of this weekend’s ransomware attack on the Colonial oil pipeline stressed that it wants to make money and deplored “creating problems for society”.

In a statement issued on Monday, the criminal group, known as DarkSide, said it was “apolitical” and tried to divert the blame for the attack to “partners” who used its ransomware technology.

On Monday, the FBI named DarkSide as the author of a giant hack that took the key U.S. oil pipeline offline for three days, threatening to raise fuel prices and forcing the U.S. government to bring in emergency powers to keep supplies flowing.

“The FBI has confirmed that the DarkSide ransomware is responsible for the involvement of the Colonial Pipeline networks,” the agency said in a statement. “We continue to work with the company and government partners in the investigation.”

In ransomware attacks, hackers take control of an organization’s data or software systems, locking the owner out through encryption until payment is made.

“Our goal is to make money, and not create problems for society,” DarkSide said, adding that “every company that our partners want to encrypt will check to avoid social consequences in the future”.

DarkSide emerged last August as one of the leading ransomware outfits, and is believed to be run by an experienced criminal network from Russia. Silicon Valley cybersecurity company CrowdStrike has found that the originators of DarkSide, known as Carbon Spider, last year “underwent a tremendous overhaul of their operations” in the rapidly growing ransomware field.

“We’re a new product on the market, but that doesn’t mean we don’t have experience and we’ve come from nowhere,” DarkSide said before.

Brett Callow, an analyst at the cybersecurity group Emsisoft, said: “DarkSide doesn’t eat in Russia. It checks the language used by the system and, if it’s Russian, leaves it unencrypted.”

He added that the group rented out its services on the dark web. “It’s a ransomware operation like the DarkSide service. I assume the attack on Colonial was carried out by an affiliate and the team is concerned about the level of attention it has attracted.”

In a sign that the ransomware industry has become professional, DarkSide operates its own “press office” and says it has an ethical approach to choosing targets. The DarkSide website says that, “based on our principles”, it will not attack medical organizations such as hospitals, care homes and vaccine developers; funeral service providers; schools and universities; or nonprofits and government organizations.

This is in contrast to the rest of the ransomware industry, where healthcare providers and the public sector are among the biggest targets. Colonial Pipeline is a private company owned by investors including Shell, KKR and Koch Capital.

IT security firm Kaspersky said DarkSide aimed to “create as much online buzz as possible”.

“Getting more media attention can spread DarkSide’s fear, making it more likely that the next victim will decide to pay instead of creating problems,” Kaspersky researcher Roman Dedenok said in a recent blog post.

Prior targets include Brookfield, Discountcar.com, a subsidiary of the Canadian car rental group Enterprise, and CompuCom, an IT company owned by the US-based parent company Office Depot.

Arete, which provides incident response services to cybercrime victims, has found that DarkSide mostly targets professional services and manufacturing companies, with its ransom demands ranging from $3 million to $10 million, while security news site Bleeping Computer has also found evidence of ransoms in the hundreds of thousands of dollars.

In an interview with the security blog DataBreaches.net, a representative of DarkSide who called himself “DarkSupp” said the outfit investigated how much its targets could pay (for example, by looking at their insurance coverage) before deciding how much ransom to demand.

“We only attack companies that can pay the amount requested,” DarkSide said earlier. “We don’t want to kill your business.”

According to screenshots from a victim published by Bleeping Computer, DarkSide sends a clear list of “Welcome to Dark” instructions to each target. Details and samples of the stolen data are presented, and victims are warned that the data will be automatically posted online for at least six months if they refuse to pay. This technique of threatening both to lock victims out of their systems and to embarrass them by making stolen data public is called “double extortion”.

DarkSide hackers also try to reassure victims that they will act according to their own rules, saying, “We value our reputation. If we don’t do our job and responsibility, no one will pay us.” The group also provides technical assistance in case of “problems” using the decryption tool that victims receive when they pay.


Ransomware attacks rose 62 percent last year, according to the firewall developer SonicWall, including more than 200m in the US. This was partly caused by the pandemic, which left companies that had fled the office with the task of securing remote employees, as well as the rise of bitcoin, through which many hackers demand payment. According to a recent survey by the Hiscox insurance group, more than half of those targeted by ransomware pay.

Additional reporting by James Politi in Washington
