DarkSide: The Russian hacking outfit behind the Colonial Pipeline attack is given free rein by the Kremlin to target Western countries
The cyberextortion attack that forced the shutdown of America’s largest fuel pipeline was carried out by a criminal gang known as DarkSide that is believed to based out of Russia where they are given free rein to target Western countries.
DarkSide is made up of veteran cybercriminals but insists it is not political. Like many others, however, DarkSide seems to spare Russian, Kazakh and Ukrainian-speaking companies, which does suggest a link to Russia.
Ransomware rackets are now dominated by Russian-speaking cybercriminals who are shielded - and sometimes employed - by Russian intelligence agencies, according to US officials.
Cyber experts say Russia gives free rein to hackers who target the US and European countries.
DarkSide has already boasted that it has been paid millions of dollars in ransom from 80 companies across the US and Europe.
‘Whether they work for the state or not is increasingly irrelevant, given Russia’s obvious policy of harboring and tolerating cybercrime,’ Dmitri Alperovitch, a former CTO of CrowdStrike, told NBC of DarkSide’s recent hacking.
The FBI on Monday confirmed that DarkSide was responsible for the attack on Colonial Pipeline that has experts fearing widespread gas shortages and significant price hikes. The federal agency did not mention DarkSide’s ties to Russia.
The US last month slapped sanctions on Russia for malign activities including state-backed hacking. The Treasury Department said Russian intelligence has enabled ransomware attacks by cultivating and co-opting criminal hackers and giving them safe harbor.
DarkSide, which cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, said in a statement posted on the dark web that their only goal was to ‘make money’ and not create problems for society.
‘We are apolitical, we do not participate in geopolitics,’ the statement read. ‘Our goal is to make money and not creating problems for society.’
‘From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.’
Despite only emerging in August last year, DarkSide appears to be very organized, experts say.
Those who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.
‘They’re very new but they’re very organized,’ Lior Div, the chief executive of Boston-based security firm Cybereason, said. ‘It looks like someone who’s been there, done that.’
DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center and a victim hotline to help facilitate ransom payments.
Experts say DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.
DarkSide’s site on the dark web hints at their hackers’ past crimes with claims they previously made millions from extortion and that just because their software was new ‘that does not mean that we have no experience and we came from nowhere’.
The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up. It advertises stolen documents from more than 80 companies across the US and Europe.
One of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc, which publicly disclosed a digital shakedown attempt affecting ‘portions of its information technology systems’ last month.
DarkSide has previously targeted Enterprise rental cars, Canadian real estate firm Brookfield Residential and an Office Depot subsidiary called CompuCom.
The group has a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.
They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments. They instead go after big organizations that can afford to pay large ransoms and claims to donates a portion of its take to charity.
The group has posted receipts from donations it claims it has made to US charities in the wake of ransom attacks.