Tag Archive for: hackers

Ransomware cyber attacks spike, protect yourself from hackers holding your computer hostage


“Do penetration testing and what penetration testing is simulating an attack on your systems. They see what type of vulnerabilities they can find, what type of information they can gather while doing that, and then recommend fixes to close those security holes. Also making constant backups, that way if something like this does happen, you do have current backups to restore your data,” Quellos said.


We regret ‘creating problems’, say Colonial petroleum pipeline hackers


The hacker group blamed for this weekend’s ransomware attack on the Colonial petroleum pipeline has insisted it only wanted to make money and regretted “creating problems for society”.

In a statement posted on Monday, the criminal group known as DarkSide said it was “apolitical” and attempted to deflect blame for the attack on to “partners” that had used its ransomware technology.

The hack has taken a key US oil pipeline offline for three days, threatening to drive up fuel prices and forcing the US government to bring in emergency powers to keep supplies flowing.

“Our goal is to make money, and not creating problems for society,” DarkSide said, adding that it would “check each company that our partners want to encrypt to avoid social consequences in the future”.

Ransomware attacks involve hackers taking control of an organisation’s data or software systems, locking out the owners using encryption until a payment is made.

DarkSide emerged as one of the leading ransomware outfits last August, and is believed to be run from Russia by an experienced team of online criminals. Silicon Valley-based cyber security company CrowdStrike has traced DarkSide’s origins to the criminal hacking group known as Carbon Spider, which “dramatically overhauled their operations” last year to focus on the fast-growing field of ransomware.

“We are a new product on the market, but that does not mean that we have no experience and we came from nowhere,” DarkSide has said previously.

Brett Callow, an analyst at the cyber security group Emsisoft, said: “DarkSide doesn’t eat in Russia. It checks the language used by the system and, if it’s Russian, it quits without encrypting.”

He added that the group rented out its services on the dark web. “DarkSide is a ransomware-as-a-service operation. I assume the attack on Colonial was carried out by an affiliate and the group is concerned about the level of attention it has attracted.”

In a sign of how ransomware has become a professionalised industry, DarkSide operates its own “press office” and claims to have an ethical approach to choosing its targets. DarkSide’s website claims that “based on our…


Biden to step up cybersecurity after hackers hit vital oil pipeline


The Biden administration is to step up cybersecurity measures after a ransomware attack crippled the biggest oil pipeline on the American east coast.

An executive order is expected within weeks, instructing federal agencies and contractors to plug security gaps that have left them vulnerable to a wave of cyber attacks in recent months.

The latest assault, on the 5,500-mile Colonial Pipeline which provides nearly half the fuel used on the east coast, is thought to have been carried out by DarkSide, a cybercriminal group believed to operate between Russia and Eastern Europe.

It wrought havoc on the company’s computer network, forcing the shutdown of the pipeline, which runs from Texas to New Jersey.

It is feared the attack, one of the most damaging ever reported, could cause a further spike in fuel prices in the US, which have already been increasing in recent months.

Colonial, which normally carries 2.5 million barrels a day, serves consumers…


U.S., U.K. warn of Russian hackers using new tactics, leveraging Microsoft vulnerability


Russian hackers have adopted new cyber tactics, techniques and procedures for attacking targets in the U.S. and elsewhere after their earlier methods were exposed, several government agencies said Thursday.

Security agencies in the U.S. and United Kingdom issued a joint advisory warning about recent activity they have attributed to hackers acting on behalf of the Russian Foreign Intelligence Service, or SVR.

Known also by names including APT29 and Cozy Bear, the hackers recently began leveraging a vulnerability affecting Microsoft Exchange Server that became publicly known in March, the advisory said.

Additionally, the unclassified, 14-page advisory said the hackers were recently spotted using an open-source command-and-control framework called Sliver after gaining initial access to victim networks.

The advisory was issued jointly by the FBI, U.S. National Security Agency (NSA), U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K. National Cyber Security Centre (NCSC).

Previously, the…
