DarkSide Hit Colonial Pipeline—and Created an Unholy Mess

DarkSide was illustrative of that enforcement problem even before the Colonial Pipeline attack. It almost exclusively targets English-speaking organizations and is widely thought to be a criminal group based in Russia or Eastern Europe. The DarkSide malware is even built to conduct language checks on targets and to shut down if it detects Russian, Ukrainian, Belarusian, Armenian, Georgian, Kazakh, Turkmen, Romanian, and other languages associated with Russia's geopolitical interests. The Kremlin has historically let cybercriminals operate unfettered within its borders as long as they don't go after their countrymen.


DarkSide's rent-a-ransomware business model makes it difficult to determine who, specifically, is behind any given DarkSide attack, which provides convenient insulation for all involved. And the very existence of ransomware-for-hire services shows just how popular—and profitable—these attacks have become. Members of DarkSide focused on point-of-sale credit card data theft and ATM cashout attacks for years, says Adam Meyers, vice president of intelligence at the security firm CrowdStrike, which tracks DarkSide's activity under the name Carbon Spider. “They’ve transitioned to the ransomware game because there’s so much money in it,” Meyers says.


The Biden administration has signaled in recent weeks that it plans to focus real attention on addressing the threat of ransomware. The White House has been hiring for key cybersecurity policy and response roles and participated in a public-private ransomware task force aimed at generating comprehensive recommendations to curb the problem. The Colonial Pipeline incident now gives the White House a renewed motivation to turn policy proposals into action.


“We’re taking a ..
