DarkSide ransomware attacked the Colonial Pipeline and created chaos
DarkSide addressed this law enforcement issue even before the Colonial Pipeline attack. It almost exclusively targets English-speaking organizations and is widely regarded as a criminal group based in Russia or Eastern Europe. The DarkSide malware even performs language checks on the target, and it shuts down when it detects Russian, Ukrainian, Belarusian, Armenian, Georgian, Kazakh, Turkmen, Romanian, or other languages related to Russia’s geopolitical interests. The Kremlin has always allowed cybercriminals to operate unchecked within its borders, as long as they do not go after their compatriots.
DarkSide’s “ransomware rental” business model makes it difficult to determine who was behind a particular DarkSide attack, which is a convenient isolation measure for all involved. Moreover, the existence of ransomware services for rent shows how popular and profitable these attacks have become. The members of DarkSide focus on point-of-sale credit card data theft and ATM withdrawal attacks. Adam Meyers, vice president of intelligence at security company CrowdStrike, said the company has tracked DarkSide’s activities for many years under its own name for the group, Carbon Spider. “They have transitioned to ransomware games because there is a lot of money in them,” Meyers said.
The Biden administration has stated in recent weeks that it plans to focus its real attention on the threat of ransomware. The White House has been recruiting for important cybersecurity policy and response roles, and has participated in a Public-Private Ransomware Task Force that aims to produce comprehensive recommendations to curb the problem. Now, the Colonial Pipeline incident has given the White House new impetus to put policy recommendations into action.
“We have taken a multi-pronged government response to this incident and the entire ransomware,” Anne Neuberger, deputy national security adviser, said in a White House briefing on Monday. “We are actively investigating this incident and its perpetrators.”
Neuberger said that the Bush administration believes that “Diablo” is just a criminal, but the intelligence community is studying the possibility of establishing contact with the government. On Monday, President Biden called on the Russian government to stop hiding cybercriminals.
Biden said: “I will meet with President Putin.” “So far, there is no evidence… from our intelligence personnel, it can be seen that Russia is involved, although there is evidence that the participants’ ransomware is in Russia. They are. It is the responsibility to solve this problem.”
One question that dogs ransomware response is whether the government should make it illegal for victims to pay ransomware ransoms. In theory, no longer paying the ransom means that there is no longer any incentive for criminals to continue committing these crimes. However, members of the Public-Private Ransomware Working Group stated that the organization failed to reach a consensus on firm recommendations in this regard. The trade-offs are not easy to weigh.
What measures may be taken in the near future? Rob Knake, a senior researcher at the Foreign Relations Committee and former director of cybersecurity policy at the National Security Council, said they include requiring victims to disclose ransomware incidents and establishing a cyber incident review committee in the United States. Currently, most victims keep ransomware attacks quiet when possible. A thorough consideration of these changing crises may inspire a response. Knake said: “Notification is essential, because cyber incidents are not like plane crashes, and investigating agencies may never find out that they have occurred.” “Therefore, for the cyber incident review committee to succeed, they must be notified of the incident, and then have the right to investigate. Voluntary will not work.”
At the same time, cybersecurity experts said they hope that the Colonial Pipeline incident will indeed trigger action in the fight against ransomware. However, given how many other terrible attacks have failed to act as a catalyst, they remain wary of hoping for too much.
CrowdStrike’s Meyers said: “Currently, only system improvements will have any meaningful impact.” “Organizations don’t necessarily have enough bandwidth, funds, and personnel to do this. But it should be a wake-up call for any organization: you need to do better or you will suffer the same fate.”