Security Researchers Dive Into DarkSide Ransomware

Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack.

The pipeline is said to carry roughly 45% of the fuel consumed on the East Coast, with the attack considered the most disruptive cyberattack to date on critical U.S. infrastructure.

The incident was quickly associated with the cybercriminal gang known as DarkSide, which has been active since August 2020.

In January 2021, Bitdefender released a decryptor for the DarkSide ransomware, to help victims restore their files without paying the ransom. However, the hackers took steps to ensure that the decryptor no longer works.

DarkSide functions as a ransomware-as-a-service (RaaS), where affiliates help deliver the malware in exchange for a percentage of the amount the victim pays in ransom. At least five Russian-speaking affiliates have been identified to date, security researchers with FireEye’s Mandiant team reveal.

The RaaS features the typical characteristics of any ransomware enterprise: after the target systems have been compromised, data is encrypted and exfiltrated for extortion purposes, and the victim is provided with means of contacting the attackers to receive details on the payment request and to negotiate the ransom.

The profit is shared with the affiliates, who are provided access to an administrative pa ..