
Ransom group linked to Colonial Pipeline hack is new but experienced

Stock Markets, May 10, 2021 07:05PM ET
© Reuters. FILE PHOTO: A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Raphael Satter

WASHINGTON (Reuters) - The ransomware group linked to the extortion attempt that has snared fuel deliveries across the U.S. East Coast may be new, but that doesn't mean its hackers are amateurs.

Who precisely is behind the disruptive intrusion into Colonial Pipeline hasn't been made officially known and digital attribution can be tricky, especially early on in an investigation. A former U.S. official and two industry sources have told Reuters that the group DarkSide is among the suspects.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

"They're very new but they're very organized," Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.

"It looks like someone who's been there, done that."

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.

"It's as if someone turned on the switch," said Div, who noted that more than 10 of his company's customers have fought off break-in attempts from the group in the past few months.

Ransom software works by encrypting victims' data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.

DarkSide's site on the dark web hints at their hackers' past crimes, claims they previously made millions from extortion and that just because their software was new "that does not mean that we have no experience and we came from nowhere."

The site also features a Hall of Shame-style gallery of leaked data from victims who haven't paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

Reuters was not immediately able to verify the group's various claims but one of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc which publicly disclosed a digital shakedown attempt affecting "portions of its information technology systems" last month.

A Dixie executive did not immediately return a message seeking further comment.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists. Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

It also has a public relations program, as others do, inviting journalists to check out its haul of leaked data and claiming to make anonymous donations to charity. Even its tech savvy is nothing special, according to Georgia Tech computer science student Chuong Dong, who published an analysis (http://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware) of its programming.

According to Dong, DarkSide's code was "pretty standard ransomware."

Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.

Typically "they know who is the manager, they know who they're speaking with, they know where the money is, they know who is the decision maker," said Div.

In that respect, Div said that the targeting of Colonial Pipeline, with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard, may have been a miscalculation.

"It's not good for business for them when the U.S. government becomes involved, when the FBI becomes involved," he said. "It's the last thing they need."

As for DarkSide, which usually isn't shy about putting out press releases and promises registered journalists "fast replies within 24 hours," the group has stayed uncharacteristically silent.

The reason is not clear. Requests for comment that Reuters left via the group's main site and its media center have gone unanswered.

Comments (4)
Ryan Fx Jun 06, 2021 6:37AM ET
very good
CatholicMan Jun 03, 2021 11:10AM ET
Biden is so weak these groups will flourish
Louis Moore Bacon May 10, 2021 10:06AM ET
It’s way past time to be super aggressive and go after these groups and smash them
CatholicMan May 10, 2021 10:06AM ET
Biden is too weak
Al Gore May 09, 2021 4:51PM ET
very good
 