DarkSide Ransomware Hits the Colonial Pipeline — and Creates an Unscrupulous Mess

DarkSide illustrated the enforcement problem even before the Colonial Pipeline attack. It almost exclusively targets English-speaking organizations and is widely thought to be a criminal group based in Russia or Eastern Europe. DarkSide malware is built to conduct language checks on targets and to stop running if it detects Russian, Ukrainian, Belarusian, Armenian, Georgian, Kazakh, Turkmen, Romanian, and other languages associated with Russia's geopolitical interests. The Kremlin has historically allowed cybercriminals to operate freely within its borders as long as they do not go after their own countrymen.

DarkSide’s ransomware-for-hire business model makes it difficult to determine who, in particular, is behind any given DarkSide attack, a convenient insulation for everyone involved. And the availability of ransomware-for-hire services shows how popular, and useful, these attacks are. DarkSide members focused on stealing credit card data and on ATM cashout attacks for years, according to Adam Meyers, vice president of intelligence at security firm CrowdStrike, which tracks DarkSide’s activity under the name Carbon Spider. “They switched to the ransomware game because a lot of money was in it,” Meyers said.

The Biden administration has signaled in recent weeks that it plans to focus real attention on addressing the ransomware threat. The White House has hired for key cybersecurity policy and response roles and has participated in a public-private ransomware task force aimed at creating comprehensive recommendations to prevent the problem. The Colonial Pipeline incident now gives the White House a renewed impetus to take action on policy proposals.

“We are bringing a comprehensive and comprehensive government response to this incident and to ransomware in general,” deputy national security adviser Anne Neuberger said in a White House speech on Monday. “We are aggressively investigating the incident and its perpetrators.”

Neuberger said the administration believes DarkSide is purely a criminal actor, but the intelligence community is looking at the possibility that the group has a relationship with a government. On Monday, President Biden called on the Russian government to stop harboring cybercriminals.

“I will meet with President Putin,” Biden said. “So far there is no evidence… from our intelligence people that Russia is involved, although there is evidence that the ransomware of the artists is in Russia. They have a responsibility to deal with it.”

One question that dogs ransomware response is whether the government should make it illegal for victims to pay ransoms. In theory, no longer paying ransoms would mean no more incentive for criminals to persist. But members of the public-private ransomware task force say the group has not reached a consensus on firm recommendations to that end; the trade-offs are not easily untangled.

Steps that can work in the short term? Requiring victims to report ransomware incidents, and creating a cyber incident review board in the United States, said Rob Knake, a senior member of the Council on Foreign Relations and a former director for cybersecurity policy at the National Security Council. Right now most victims keep ransomware attacks quiet when possible; a full accounting of these recurring crises may spur a response. “The notice is important, because cyber incidents are not like plane crashes: the agency investigating may never have known it was happening,” Knake said. “That’s why in order for the cyber incident investigation board to be successful it needs to be notified of incidents and have the authority to investigate. The volunteer will not act.”

Meanwhile, cybersecurity professionals say they hope the Colonial Pipeline incident will finally spur action to combat ransomware. Given how many other severe attacks have failed to act as that catalyst, however, they are wary of over-optimism.

“We’ve come to a point where just improving the system has a meaningful impact,” said Meyers of CrowdStrike. “And organizations don’t have to have the bandwidth, funds, and staff to do this. Yet it does have to be a wake-up call to any organization: You have to do better or you’ll suffer the same fate.”
