A few days ago the cybercriminal group DarkSide attacked the Colonial Pipeline in the USA, stole data and shut down the pipeline. A comment from Vladimir Kuskov, Head of Threat Exploration at Kaspersky.
Such targeted ransomware attacks have become more and more common in recent years, as Kaspersky analyses show: the number rose by 767 percent from 2019 to 2020. In addition, there are more and more attacks on industrial companies, including in Germany. In the second half of 2020, 33 percent more ransomware and 43 percent more malicious documents were blocked within industrial control systems than in the first half of 2020 [3].
“The goal is to make money”
“DarkSide is a typical group of cyber criminals involved in big game hunting. Their goal: make money. They work through affiliate partner programs and offer their ransomware to “partners”, who in turn buy access to organizations from other hackers and then use this to deliver ransomware. Unlike some other groups, DarkSide claims to have a code of conduct: They claim not to attack hospitals, schools, government institutions and non-commercial organizations.
Cyber gangsters with a code of conduct
DarkSide published a statement on their homepage yesterday. According to it, they did not expect such far-reaching consequences and such high attention after the attack on the Colonial Pipeline. The introduction of a kind of "moderation" should avoid similar situations in the future.
There are two versions of DarkSide ransomware - for Windows and Linux. Both versions have a secure cryptographic scheme so that decryption without a key is not possible. In the past, they used the same keys for multiple victims, and security companies were able to create a decryption tool that allowed victims to recover their files without paying the ransom. DarkSide reacted to this in the Darknet forum and resolved this problem, which was significant for them, so that those affected unfortunately no longer have this option.”
Kaspersky products protect against DarkSide ransomware and identify it as Trojan-Ransom.Win32.Darkside and Trojan-Ransom.Linux.Darkside.