Ransomware is a national security threat and a big business — and it’s wreaking havoc

The hacker ring’s ransom note appeared on the company’s computer screens this past Monday. “Your computers and servers are encrypted, backups are deleted,” it said. “We use strong encryption algorithms, so you cannot decrypt your data.”

But, the extortionists said, “you can restore everything by purchasing a special program from us — universal decryptor.” This program, the message said, “will restore all your network.”

The price: $1.2 million.
https://www.washingtonpost.com/technology/2021/05/15/ransomware-colonial-darkside-cyber-security/

Also see:

Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity
For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond.

But when the real, this-is-not-a-drill moment arrived, it didn’t look anything like the war games.

The attacker was not a terror group or a hostile state like Russia, China or Iran, as had been assumed in the simulations. It was a criminal extortion ring. The goal was not to disrupt the economy by taking a pipeline offline but to hold corporate data for ransom.
https://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html

The bizarre story of the inventor of ransomware
Eddy Willems was working for an insurance company in Belgium back in December 1989 when he popped the floppy disc into his computer. The disc was one of 20,000 sent in the mail to attendees of the World Health Organization’s AIDS conference in Stockholm, and Willems’ boss had asked him to check what was on it.
https://edition.cnn.com/2021/05/16/tech/ransomware-joseph-popp/index.html

DarkSide, Blamed for Gas Pipeline Attack, Says It Is Shutting Down
The criminal hacking group DarkSide, which the F.B.I. has blamed for carrying out a ransomware attack that crippled fuel delivery across the Southeastern United States this week, has announced that it is shutting down because of unspecified “pressure” from the United States.
https://www.nytimes.com/2021/05/14/business/darkside-pipeline-hack.html

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.
https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

Suspected Russia-led cyber campaign targets Germany’s Green party leader
Fears are growing in Berlin of a Russian-led cyber campaign against the leader of Germany’s Green party after she pledged to block a gas pipeline project between Russia and Europe.
https://www.theguardian.com/world/2021/may/13/suspected-russia-led-cyber-campaign-targets-germanys-green-party-leader

Ransomware Going for $4K on the Cyber-Underground
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. In the cybercriminal underground, ransomware samples and builders are going for anywhere between $300 and $4,000, with ransomware-as-a-service rentals costing $120 to $1,900 per year.
https://threatpost.com/ransomware-4k-cyber-underground/166145/

Colonial hack: Biden orders tightening of cyber-defences
President Joe Biden has signed an executive order to improve US cyber-defences in light of recent attacks. The detailed order issues strict deadlines for all government departments to tighten security.
https://www.bbc.com/news/technology-57101249

Pipeline Hack Points to Growing Cybersecurity Risk for Energy System
The audacious ransomware attack that shut down a major fuel pipeline and sent Americans scrambling for gasoline in the Southeast this week was not the first time hackers have disrupted America’s aging, vulnerable energy infrastructure. And it’s unlikely to be the last.
https://www.nytimes.com/2021/05/13/climate/pipeline-ransomware-hack-energy-grid.html

Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers
The operator of a critical fuel pipeline on the East Coast paid extortionists roughly 75 Bitcoin — or nearly $5 million — to recover its stolen data, according to people briefed on the transaction, clearing the way for gas to begin flowing again but complicating President Biden’s efforts to deter future attacks.
https://www.nytimes.com/2021/05/13/us/politics/biden-colonial-pipeline-ransomware.html

Colonial Pipeline Shells Out $5M in Extortion Payout, Report
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. Colonial Pipeline Co., operator of the largest U.S. fuel pipeline, reportedly paid $5 million to criminals behind a ransomware attack that has sent fuel prices spiking up and down the East Coast.
https://threatpost.com/colonial-pays-5m/166147/

Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.
Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million, to recover its stolen data, according to five people briefed on the transaction.
https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html

How the Colonial Pipeline hack is part of a growing ransomware trend in the US
The wider American public was afforded an unwanted glimpse into the Wild West world of ransomware this week, after a cyber attack crippled Colonial Pipeline, causing fuel shortages across the eastern seaboard and states of emergency to be declared in four states.
https://www.theguardian.com/technology/2021/may/13/colonial-pipeline-ransomware-attack-cyber-crime

Irish health service hit by cyber attack
Ireland’s health service has temporarily shut down its IT system after what it described as a “significant ransomware attack”.
https://www.bbc.com/news/world-europe-57111615

Ransomware attack disrupts Irish health services
Ireland’s state health services provider has shut all its IT systems and cancelled some medical appointments after what it described as a “significant ransomware attack” overnight caused widespread disruption.
https://www.theguardian.com/world/2021/may/14/ransomware-attack-disrupts-irish-health-services

The New Ransomware Threat: Triple Extortion
The FBI confirmed in a statement on Monday that a professional cybercriminal group called DarkSide was responsible for the ransomware attack on the Colonial Pipeline network. DarkSide works in a Ransomware-as-a-Service (RaaS) model, where it leverages a partner program to execute its cyber attacks. This means there is little known at this point about the real actor behind the attack.
https://blog.checkpoint.com/2021/05/12/the-new-ransomware-threat-triple-extortion/

April 2021’s Most Wanted Malware: Dridex Remains in Top Position Amidst Global Surge in Ransomware Attacks
Our latest Global Threat Index for April 2021 has revealed that for the first time, AgentTesla has ranked second in the Index, while the established Dridex trojan is still the most prevalent malware, having risen to the top spot in March after being seventh in February.
https://blog.checkpoint.com/2021/05/13/april-2021s-most-wanted-malware-dridex-remains-in-top-position-amidst-global-surge-in-ransomware-attacks/

Ransomware operators and where to find them: Kaspersky sheds light on the ransomware ecosystem
Ransomware is on the tip of everyone’s tongue every time businesses discuss cyberthreats they are likely to face in 2021. Attackers have built their brands and are bold in their advances like never before, with the news about organizations being hit with ransomware consistently on newspaper front pages. But by placing themselves under the spotlight, such groups hide the actual complexity of the ransomware ecosystem. To help organizations understand how the ransomware ecosystem operates and how to fight it, the latest report by Kaspersky researchers dug into darknet forums, took a deep look at REvil and Babuk gangs and beyond and debunked some of the myths about ransomware. And when you dig into this underworld, you have to expect that it has many faces.
https://www.kaspersky.com/about/press-releases/2021_ransomware-operators-and-where-to-find-them
