After DarkSide took down the fuel infrastructure, shutting down 5500 miles of pipeline, the public got a wakeup call on the importance of cybersecurity. Public awareness of cybercrime has moved from the shadows into a tangible financial and logistical problem for many citizens. The control of infrastructure by unknown groups from unknown locations has increased the public desire for government intervention. With the rapidly changing global environment, does this disreputable activity warrant a closer look? Perhaps more interesting: are the reports that DarkSide has already been shut down actually true?
Who or What is DarkSide?
In order to understand DarkSide, know that malware is a file or code designed to cause damage to a computer or network. Ransomware is a form of malware designed to deny system access until a ransom is paid. DarkSide organizers are Russian in origin and offer ransomware-as-a-service (RaaS) to cybercriminals, employing a double extortion capability of file encryption and data theft. The malware is deployed on compromised networks such as Colonial Pipeline's.
Trying to portray themselves as altruistic, DarkSide recently stated, “We are apolitical, we do not participate in geopolitics, with no need to tie us with a defined government.” We now know that DarkSide is a ruthless organization, earning $15 billion annually from United States victims. The New York City cyber intelligence firm Flashpoint stated that it did not think the DarkSide attack was intended to damage infrastructure; the group simply thought Colonial would pay large sums of money for its ransom.
After massive fuel problems for the public last week, DarkSide tried to downplay fears of future widespread infrastructure attacks. Brian Krebs (KrebsonSecurity), an American journalist known for his coverage of profit-seeking cybercriminals, reported the following comments from the Darkside Leaks blog: “Our goal is to make money, and not create problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
In fact, DarkSide has a history of trying to appear ethical in a nefarious line of business. They “try” to adhere to so-called ‘principles’, stating “we will not attack the following targets: Medicine, funeral services, education, nonprofit organizations, and government sector. We only attack companies that can pay the requested amount, we do not want to kill your business.” In other words, DarkSide and a few other similar entities are trying to downplay their true activity by posing in a modern Robin Hood role, all the while extorting others and padding their own pocketbooks.
It turns out that it is not always easy to be philanthropic in this line of business. Threatpost, an independent news site dedicated to IT information and business security, stated on Friday that DarkSide tried to give $20,000 in donations to charities last October. It was a short-lived, empty gesture, as both The Water Project and Children International refused the money.
Public Outcry
Even though Energy Secretary Jennifer Granholm said the nation is “over the hump” on gas shortages, on Friday, Virginia Attorney General Mark Herring said his office received more than 500 reports of price gouging and was still responding to consumer complaints. Frustrated Americans, especially in affected areas, now have firsthand experience of the damaging effects of cybercrime and infrastructure denial.
President Biden signed an executive order to strengthen federal cyber defenses following the pipeline hack on May 12. Will Biden’s Executive Order, which creates a rating system for development security in software and internet devices, prove useful? The EO also requires IT service providers with federal contracts to share information on cyber breaches, while establishing a new cybersecurity safety review board to study major incidents.
In somewhat revelatory news, according to Brian Krebs, the DarkSide ransomware gang called it quits last week. It appears the crime gang “announced it was closing shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.”
Perhaps more interesting is the secrecy surrounding which country or entity was behind the seizure and subsequent shutdown of DarkSide. How long the group will be offline, or when the next cyber-attack will occur, remains to be seen. It is obviously not the last such attack on our infrastructure that we will see.