Tag Archive for: DarkSide

The US Puts a $10M Bounty on DarkSide Ransomware Hackers


On Friday, the radical transparency group DDoSecrets released hundreds of hours of police helicopter surveillance footage. It’s unclear who originally obtained the data, or what that person’s motivations were, but the trove shows how extensive law enforcement’s eye-in-the-sky has become, and how high-fidelity its cameras are. Privacy advocates also say the incident underscores that authorities don’t do nearly enough to protect sensitive data, and have retention policies that are far too lax. 

In other aerial news: For the first time, intelligence officials say, a consumer drone likely attempted to disrupt the US power grid. The July 2020 incident took place at a power substation in Pennsylvania; a DJI Mavic 2 quadcopter outfitted with nylon ropes and copper wire seemed determined to cause a short circuit, but crash-landed on a nearby roof before it reached its apparent target. Security experts have warned about this possibility for years, and say that regulatory bodies haven’t moved quickly enough to mitigate the threat.

This week saw China’s new data privacy law go into effect, and the ramifications have already begun to play out. Yahoo! exited the country, citing an “increasingly challenging business and legal environment.” And while the regulations are some of the strictest in the world, the fact that the Chinese government has tied them to national security interests, and continues to give itself extraordinary access to its citizens’ data, may inspire other countries to take a similarly aggressive posture.

Cryptocurrency scammers used the popularity of the Netflix hit Squid Game to gin up interest, then pulled the rug on investors to the tune of over $3 million. The White House Market dark web bazaar shuttered earlier this month, but raised the bar for security measures during its brief reign. And if you’ve got iCloud+, here’s how to take advantage of all of the new security measures you can now access.

Finally, make sure you set aside a few minutes this weekend to dive into this tale of how a group of fed up parents built their own open source version of their school system’s app—only to have the city call the cops on them.

And there’s more! Each week we round up all the security…

Source…

Infamous DarkSide ransomware reborn as new cyber threat: reports


A new cyber gang is in town – and tapping into the best features of ransomware used in the Colonial Pipeline attack.

That new gang, BlackMatter, is upfront about its origins, stating that it has “incorporated” the “best features” of DarkSide and two other ransomware families, REvil and LockBit, according to a statement from the BlackMatter group as noted by cybersecurity company Recorded Future.

DarkSide was identified by the U.S. government as the ransomware responsible for the Colonial Pipeline attack, which resulted in the shutdown of a major pipeline supplying fuel to the U.S. East Coast.

A man leaves a Murphy Oil gas station as pumps are seen out of gas, Tuesday, May 11, 2021, in Kennesaw, Ga. after Colonial Pipeline halted operations because of a cyberattack. (AP Photo/Mike Stewart)

After the attack, DarkSide posted a statement saying it was ending operations.  


Enter BlackMatter, which is now active on cybercrime forums.

“They’re not advertising their ransomware, however; they are recruiting affiliates…who have access to hacked enterprise networks,” according to Malwarebytes. The BlackMatter ads state that it’s seeking hacked access to corporate networks in Australia, Canada, the UK and the U.S.

Other requirements for corporations they target include revenue of at least $100 million and 500-15,000 hosts in the network, Recorded Future said.

Like other successful ransomware operations, BlackMatter is run as a business under the ransomware-as-a-service (RaaS) model, a knockoff of legitimate business models such as software-as-a-service (SaaS).


Cybersecurity news site Bleeping Computer reported attacks are happening already.

On their own site, BlackMatter says it won’t target certain industries including hospitals, critical infrastructure, the defense industry and the government sector, according to Malwarebytes.

That’s similar to past statements from DarkSide.

“Our goal is to make…

Source…

‘They hit you hard’: How DarkSide became powerhouse of ransomware attacks



Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.


Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.


Woris thought this last ploy was a particularly nice touch.


“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”


DarkSide’s attack on the pipeline owner, Georgia-based Colonial Pipeline, did not just thrust the gang onto the international stage. It also cast a spotlight on a rapidly expanding criminal industry based primarily in Russia that has morphed from a specialty demanding highly sophisticated hacking skills into a conveyor-belt-like process. Now, even small-time criminal syndicates and hackers with mediocre computer capabilities can pose a potential national security threat.


Where once criminals had to play psychological games to trick people into handing over bank passwords and have the technical know-how to siphon money out of secure personal accounts, now virtually anyone can obtain ransomware off the shelf and load it into a compromised computer system using tricks picked up from YouTube tutorials or with the help of groups like DarkSide.


“Any doofus can be a cybercriminal now,” said Sergei A. Pavlovich, a former hacker who served 10 years in prison in his native Belarus for cybercrimes. “The intellectual barrier to entry has gotten…

Source…

Hear ye, DarkSide! This honorable ransomware court is now in session



A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide, the ransomware that shut down Colonial Pipeline two weeks ago, to hear claims from former affiliates who say the makers skipped town without paying. Or at least that’s what members of crime forum XSS.is want us all to believe.

A Russian-speaking person using the handle “darksupp” took to XSS.is in November to recruit affiliates for DarkSide, researchers at security firm FireEye said recently. At the time, DarkSide was the new ransomware-as-a-service on the block, and it was in search of business partners.

Since then, DarkSide has cashed in spectacularly. According to newly released figures from cryptocurrency tracking firm Chainalysis, DarkSide netted at least $60 million in its first seven months, with $46 million of it coming in the first three months of this year.

DarkSide made another $10 million this month, with $5 million coming from Colonial Pipeline and $4.4 million from chemical distribution company Brenntag. Last week, DarkSide suddenly went dark. A post attributed to darksupp said his group had lost control of its infrastructure and its considerable holdings of bitcoin.

“At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked,” the post stated. “The hosting support service doesn’t provide any information except ‘at the request of law enforcement authorities.’ In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”

DarkSide hasn’t been heard from since.

Under the terms of the deal struck on XSS, DarkSide pays affiliates 75 percent of ransoms that are less than $500,000. The cut rises to 90 percent for ransoms higher than $5 million. But according to multiple DarkSide affiliates on XSS, the RaaS provider has absconded without honoring its commitments. The affiliates have been asking to be reimbursed from a deposit of about $900,000 that DarkSide was required to make with XSS.

Here are three such posts. Notice…

Source…