US attack exposes DarkSide as cyber attack service
PARIS: US authorities have identified a relatively new gang of cyber criminals as being behind the ransomware attack which paralyzed a key fuel pipeline. Experts say the gang, called DarkSide, is one of a growing number of outfits that provide attack software to other groups. DarkSide first emerged publicly in August 2020 and it specializes in what is known as ransomware: programs that infiltrate a victim’s computer network and then encrypt data on machines, thus blocking operations. The criminals then demand a ransom to free the data.
Pay or data sold
Experts believe that the team behind DarkSide is made up of experienced cyber criminals as the software goes beyond earlier indiscriminate ransomware attacks. “DarkSide follows the double extortion trend, which means the threat actors not only encrypt the user’s data, but first exfiltrate the data and threaten to make it public if the ransom demand is not paid,” said analysts at Cybereason, a firm which helps companies protect themselves against such attacks.
“This technique effectively renders the strategy of backing up data as a precaution against a ransomware attack moot,” the company said on its website. If the group doesn’t get what it wants, it can “auction the data off to other pirates, to databases of stolen information,” said Damien Bancal, a journalist at Zataz.com who specializes in the illegal traffic of stolen information. DarkSide can also threaten to make public sensitive or embarrassing data. “The amount of a DarkSide ransom varies between $200,000 and $2 million,” France’s national data security agency ANSSI said in February.
Ransomware as a service
Experts believe that DarkSide rarely carries out attacks itself. Instead, it provides the software and assists its clients who carry out the attacks. “Those responsible for DarkSide are very organized, and they have a mature Ransomware as a Service (RaaS) business model and affiliate program,” said Cybereason.
“The group has a phone number and even a help desk to facilitate negotiations with and collect information about its victims - not just technical information regarding their environment but also more general details relating to the company itself like the organization’s size and estimated revenue,” the company added.
Zataz.com’s Damien Bancal said DarkSide even offers a sort of “after-sale service” option to help negotiate with victims. Security expert Gerome Billois at WaveStone compared DarkSide’s business model to that of technology platforms like Uber. It links up cyber criminals with potential victims, provides the necessary software, and receives a commission from whatever ransom is paid.
In a statement published on the darknet - an area of the Internet not accessible by the general public - DarkSide states that it has no political agenda and no governmental links. It said it is out to make money, not to create social problems, so it claimed it will only ransom companies that can afford it. US authorities believe DarkSide is based in Russia.