Ransom group linked to Colonial Pipeline hack is new but experienced

By Raphael Satter

Projection of cyber code on hooded man is pictured in this illustration picture

© Reuters/Kacper Pempel

WASHINGTON (Reuters) – The ransomware group linked to the extortion attempt that has snared fuel deliveries across the U.S. East Coast may be new, but that doesn’t mean its hackers are amateurs.

Who precisely is behind the disruptive intrusion into Colonial Pipeline hasn’t been made officially known, and digital attribution can be tricky, especially early on in an investigation. A former U.S. official and two industry sources have told Reuters that the group DarkSide is among the suspects.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

“They’re very new but they’re very organized,” Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.

“It looks like someone who’s been there, done that.”

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.

“It’s as if someone turned on the switch,” said Div, who noted that more than 10 of his company’s customers have fought off break-in attempts from the group in the past few months.

Ransomware works by encrypting victims’ data; typically the hackers offer the victim a decryption key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.

DarkSide’s site on the dark web hints at their hackers’ past crimes, claims they previously made millions from extortion and that just because their software was new “that…