How Hacking Became a Professional Service in Russia


DarkSide’s most high-profile hacking operation may prove to be its last: in early May, the group launched a ransomware attack against the Colonial Pipeline Company, which provides as much as half the fuel supply for the East Coast of the United States. As the effects of the hack mounted, the company shut down the pipeline, and that led to a spike in the price of gasoline, as well as days of widespread fuel shortages. President Joe Biden declared a state of emergency. DarkSide reportedly walked away with a five-million-dollar ransom, but receiving the payout appears to have come at a cost. On May 14th, DarkSide’s site went down, and the group said that it had lost access to many of its communication and payment tools—as a result of either retaliation from the U.S. or a decision by the members who fund the organization to pull the plug themselves.

DarkSide is a so-called ransomware-as-a-service enterprise, meaning that it does not actually perform the labor of carrying out cyberattacks. Instead, it provides affiliated hackers with a range of services, from handling negotiations to processing payments. It had a blog and a user-friendly interface for hackers to upload and publish stolen information. When DarkSide débuted on Russian-language cybercrime forums, last August, its launch announcement sounded like a tech entrepreneur’s pitch deck. “We created DarkSide because we didn’t find the perfect product for us,” it read. “Now we have it.” It set out a sliding fee scale, ranging from twenty-five per cent of ransoms worth less than half a million dollars to ten per cent of those worth five million or more.

Ransomware as a service, like the modern tech economy as a whole, has evolved to account for a high degree of specialization, with each participant in the marketplace providing discrete skills. An operation such as DarkSide’s attack against Colonial Pipeline begins with an individual or team of hackers known as “initial-access brokers,” who penetrate a target company’s network. From that point, another hacker moves laterally to the domain controller, the server in charge of security and user access, and installs the ransomware code there. (DarkSide, among…
