PALO ALTO, USA – The latest ransomware attack on a large US fuel pipeline was made possible by an organization that offers the hacking equivalent of “software as a service”.
The group, known as DarkSide, specializes in developing tools that are made available to external partners that actually carry out attacks – a model known as “ransomware as a service”. It has given itself many of the trappings of a legitimate company, right down to providing a support phone number for victims.
“Our goal is to make money and not create problems for society,” said the group on Monday in a statement on the Colonial Pipeline hack.
“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government [sic] and look for other … motives,” the post said, alluding to speculation that the group has ties to state actors such as former Soviet bloc countries.
DarkSide is a relative newcomer to the scene, whose ransomware was first confirmed last August, according to Boston-based cybersecurity firm Cybereason. The code not only encrypts data on the target system – making it inaccessible to users – but also sends it to the attacker, who can threaten to publish it publicly for additional benefits.
“The hacker behind it [ransomware as a service] usually built a large botnet that includes a large number of compromised computers called bots under the command of the hacker,” said Chin-Tser Huang, a professor of computer science at the University of South Carolina and an expert in information security.
“The hacker can rent his bots to interested criminals to launch a large-scale attack on target companies to maximize damage and increase the chance of ransom money,” said Huang.
DarkSide and other ransomware providers make powerful and potentially lucrative malware available to people who do not have the in-depth technical knowledge needed to write their own code.
Clifford Neuman, associate professor of computer science practice at the University of Southern California, compared this to the older dynamic between malware developers and the “script kiddies” who would acquire their tools to attack targets of opportunity.
“‘Ransomware as a Service’ is the next step in this development, which enables the developers of the tools to generate a continuous source of income while supporting the criminal activities of the so-called partners,” said Neuman.
DarkSide ransomware has been used against victims in English-speaking countries, but the group appears to be avoiding attacks in the former Soviet states through voice-based screening, according to Cybereason. It has posted stolen data from more than 40 victims on its website. Ransom demands typically range from $200,000 to $2 million.
DarkSide has stated that it limits its targets to large corporations while excluding attacks on hospitals, schools, and nonprofits. The group set up a help desk to facilitate negotiations with the victims and says they donate part of their proceeds to charity, apparently to create a semblance of legitimacy.
Monday’s statement signaled regret over the disruption of an important fuel artery that runs from Texas to New York and supplies energy for much of the east coast. “From today we are introducing moderation and checking every company that our partners want to encrypt in order to avoid social consequences in the future,” said the group.
But its tools are becoming more and more sophisticated. The group recently announced the release of DarkSide 2.0, which offers even faster encryption capabilities.
Anne Neuberger, Deputy National Security Advisor for Cyber and New Technologies, expressed her concern about DarkSide ransomware in a press conference on Monday.
“It’s a new and very disturbing variant where it is essentially provided as a service and the proceeds are split between the perpetrators and developers,” she said.
With the emergence of groups like DarkSide fueling wider use of ransomware as a tactic, payments to ransomware cryptocurrency accounts more than quadrupled to $350 million over the past year, according to blockchain analytics firm Chainalysis.
Research firm Gartner estimates that information security spending will increase by an average of 8.7% per year from 2020 to 2025 to $213.7 billion as companies strive to strengthen their defenses against cybercrime and the game between hackers and their targets continues.