When the Dark Side took down a pipeline with ransomware

Generally when you see “DarkSide” trending on social media, it’s about something Star Wars related.  Such was not the case recently, when the name instead referred to a hacking group based in Russia that took down the Colonial Pipeline, one of the largest pipelines in the US, by compromising its management equipment.

By now, the incident seems to have been resolved: Colonial is back online with normal operations, and the gasoline shortages will hopefully soon be remedied.  DarkSide, the group claiming responsibility for the attack, used ransomware to gain access to the company’s network and steal almost 100 GB of data.  While Colonial initially refused to pay the hackers’ ransom, it eventually paid nearly $5 million, keeping what Ars Technica calls a “vicious cycle” turning.  The most recent reports hold DarkSide responsible for stealing over $90 million in Bitcoin.

While the group claims to be neutral and apolitical, it uses language-checking tools to screen potential targets.  If a target’s systems use any of the specified languages, the hackers leave it alone, as if attacking it would be friendly fire.  DarkSide also claims to operate under a certain ethical code, one that refuses to extort hospitals, funeral homes and nonprofits.  Such claims aren’t unheard of – early in the pandemic we heard of hackers swearing off similar vulnerable entities, and we saw how long that lasted.  According to Nicole Perlroth, cybersecurity reporter for the New York Times, when the group goes after large firms it occasionally donates the ransom to charities, which usually return it.  It’s an interesting MO for a hacking outfit.

Few data security incidents put ransomware in such a massive spotlight as an attack on national infrastructure, but people sometimes seem unaware of the sheer pervasiveness of the issue.  Even when it isn’t making national news, ransomware has been a persistent assault on industry.  In the state of North Carolina alone, for example, the Attorney General’s 2020 Data Breach Report indicates over 1600 breach reports to the state’s Department of Justice.  Ransomware accounted for 22% of these, while compromised email accounts accounted for 40%.  Cyber criminals often take advantage of substantial gaps between management tools and security maintenance, gaps that can go unnoticed within the organization.  A collaborative approach across the organizational structure remains one of the most effective strategies for a solid defense against succumbing to the DarkSide.


By: Jonathan Weicher, post on May 20, 2021
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security