14 Jun DarkSide: Service with a Smile
We once covered the Darknet Diaries podcast, the episode was a story about Ransomware. We are drawn to these ransomware stories on private and public organisations because they speak to a real vulnerability in an unreal world. Fresh Air, an interview podcast hosted by Terry Gross, recently interviewed New York Times investigative journalist, Michael Schwirtz, in relation to his piece about Russian cybergang, DarkSide.
DarkSide has earned a sizable sum ($90m) since August 2020 in commissions from affiliates that hold large and small companies ransom for their own privacy and data. The big fish attributed to DarkSide software was Colonial Pipeline and a disrupted service of an American gasoline pipeline. In turn, this affected the distribution of jet fuel along the East Coast of America and caused panic buying of car fuel. In 2020, the year of the Coronavirus pandemic, America was pumped with paranoia and real and imagined scarcity, this crisis was fuel to the fire.
The investigation proved that cybergangs are like any other bullies, people that found some pleasure in scaring otherwise normal citizens with threats to their economic and social status. Although there was a surprising twist in this story. As the ransomware gang expansion took place so did the business acumen therein, a customer service desk for example, would you believe?
DarkSide is a ransomware developer that sells the platform to extort money to affiliates who then carry out the attacks on random businesses. DarkSide offers customer support through a dashboard that helps users understand cryptocurrency processes and strategies for negotiations with ransomware victims. Anyone with access to the DarkSide dashboard can become an affiliate.
Although there are significant communication barriers with DarkSide’s support services, they operate mostly in Russian language or grammar challenged English, they do seem to have a moral compass, in that they disavow affiliates attacking educational, medical and government targets. Vladimir Putin said in a 2018 interview that Russian cybercriminals would not be charged under American laws as they were Russian nationals operating within the bounds of Russian borders, despite their global reach.
The New York Times reported that once the DarkSide had been identified by the FBI in the Colonial Pipeline attack they had vowed to shutdown, which caused obvious concerns for users already in the midst of a ransomware attack. Apparently they are still operating but have put the sold sign out for their proprietary infrastructure. The Fresh Air podcast episode is a great 40 minute listen that will shine some light on Russian cyber gangs and the future of cybercrime.
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise includes Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.