Operators of the DarkSide ransomware have published a press release announcing that, after the attack on the Colonial Pipeline, they intend to continue to carefully select targets for their cyberattacks.
Last week the largest US fuel company, Colonial Pipeline, became a victim of DarkSide. Due to the attack, the pipeline's operators had to turn off the computer network, as well as the fuel line.
Experts have said DarkSide is likely to be composed of ransomware veterans, and that it simply came out of nowhere in the middle of last year and immediately unleashed a digital crimewave. According to Boston-based Cybereason, DarkSide is an organized group of hackers set up along the “ransomware as a service” business model, meaning the DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks.
Bloomberg first reported that DarkSide may be involved in the attack on Colonial Pipeline in some way. Then on Monday, the FBI confirmed that DarkSide was behind the attack.
Since the Colonial Pipeline transports about 2.5 million barrels of refined fuel daily and supplies 45% of all fuel consumed on the entire US east coast, the government had to impose an emergency regime in 18 states.
After the attack, reports began to appear in the media that hackers working for the Russian government were behind it. However, DarkSide operators decided to publicly dispel this theory.
On Sunday, May 10, they issued a statement that their group is “apolitical” and not affiliated with the government of any country.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” DarkSide said in a statement.
DarkSide also states that it will donate a percentage of the profits to charities; however, some charities have turned down the donations.
“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the hackers wrote. “Today we sent [sic] the first donations.”
Cybereason has said that the DarkSide group is highly professional. The group offers a help desk and call-in phone number for victims and has already published confidential data on more than 40 victims. It maintains a website called “DarkSide Leaks”, modelled on WikiLeaks, where hackers can post private data that they have stolen from companies.
They conduct “double extortion,” which means the hackers not only encrypt and lock up the victim’s data, but they also steal data and then threaten to make it public on the DarkSide Leaks site if the companies refuse to pay the ransom.
Ransom demands range anywhere from $200,000 to $20 million, and Cybereason says the hackers gather detailed intelligence on their victims, learning the size and scope of the company as well as who the key decision-makers are inside the firm.
The hackers continue to expand: Cybereason reports they recently released a new version of their malware, DarkSide 2.0.