6/06/2021

Headline, June 07 2021/ ''' '' THE RANSOMWARE TOP '' '''





EVEN BEFORE THE ATTACK ON COLONIAL PIPELINE, DarkSide's business was booming. According to the cybersecurity firm Elliptic, which has studied DarkSide's Bitcoin wallets, the gang has received about $15.3 million in Bitcoin since October 2020, with another $75 million going to affiliates.

The serious profits for such a young criminal gang - DarkSide was established only last August, according to computer security researchers - underscore how the Russian-language cybercriminal underground has mushroomed in recent years.

That growth has been abetted by the rise of cryptocurrencies like Bitcoin that have made the need for old-school money mules, who sometimes had to smuggle cash across borders physically, practically obsolete. So, time enough to get behind the scenes of a ransomware operation and try discerning the future.

DARKSIDE'S ATTACK ON THE PIPELINE OWNER, Georgia-based Colonial Pipeline, did not just thrust the gang onto the international stage.

It also cast a spotlight on a rapidly expanding criminal industry that has morphed from a specialty demanding highly sophisticated hacking skills into a conveyor-belt-like process. Now, even small-time criminal syndicates and hackers with mediocre computer capabilities can pose a potential security threat.

Where once criminals had to play psychological games to trick people into handing over bank passwords and have the technical know-how to siphon money out of secure personal accounts, now virtually anyone can obtain ransomware off the shelf and load it into a compromised computer system using tricks picked up from YouTube tutorials or with the help of groups like DarkSide.

''Any doofus can be a cybercriminal now,'' said Sergei A. Pavlovich, a former hacker who served 10 years in prison in his native Belarus for cybercrimes. ''The intellectual barrier to entry has gotten extremely low.''

A glimpse into DarkSide's secret communications in the months leading up to the Colonial Pipeline attack reveals criminal operations on the rise, pulling in millions of dollars in ransom payments each month.

DarkSide offers what is known as ''ransomware as a service,'' in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ransomware but are still capable of breaking into a victim's computer systems.

DarkSide's services include providing technical support for hackers, negotiating with targets like the publishing company, processing payments, and devising tailored pressure campaigns through blackmail and other means, such as secondary hacks to crash websites.

DarkSide's user fees operated on a sliding scale: 25 percent for any ransom less than $500,000 down to 10 percent for ransoms over $5 million, according to the computer security firm FireEye.

As a start-up operation, DarkSide had to contend with growing pains, it appears. In the chat with someone from the group's customer support, Woris complained that the gang's ransomware platform was difficult to use, costing him time and money as he worked with DarkSide to extort cash from the American publishing company.

''I don't even understand how to conduct business on your platform,'' he complained in an exchange sometime in March. ''We're spending so much time when there are things to do. I understand that you don't give a crap. If not us, others will bring you payments. It's quantity not quality.''

The Times gained access to the internal ''dashboard'' that DarkSide customers used to organize and carry out ransom attacks. The login information was provided to The Times by a cybercriminal through an intermediary. The Times is withholding the name of the company involved in the attack to avoid additional reprisals from the hackers.

Access to the DarkSide dashboard offered an extraordinary glimpse into the internal workings of a Russian-speaking gang that has become the face of global cybercrime.

Cast in dark black and white, the dashboard gives users access to DarkSide's list of targets as well as a running ticker of profits and a connection to the group's customer support staff, with whom affiliates could craft strategies for squeezing their victims.

The dashboard was still operational as of May 20, when a Times reporter logged in, even though DarkSide had released a statement a week earlier saying it was shutting down.

A customer support employee responded almost immediately to a chat request sent from Woris's account by The Times reporter.

But when the reporter identified himself as a journalist, the account was immediately blocked.

In just a couple of years, cybersecurity experts say, ransomware has developed into a tightly organized, highly compartmentalized business.

There are certain hackers who break into computer systems and others whose job is to take control of them. There are tech support specialists and experts in money laundering. Many criminal gangs even have official public relations people who do media contacts and outreach.

In many ways, the organizational structure of the Russian ransomware industry mimics franchises, like McDonald's or Hertz, that lower barriers to entry and allow for easy duplication of proven business practices and techniques.

Access to the DarkSide dashboard was all that was needed to set up shop as an affiliate of DarkSide and, if desired, download a working version of the ransomware used in the attacks on Colonial Pipeline.

The Importance and Serving of this publishing continues. The World Students Society thanks authors Andrew E. Kramer, Michael Schwirtz and Anton Troianovski.

With respectful dedication to the Cybersecurity Experts, Students, Professors and Teachers of the world. See Ya all prepare and register for Great Global Elections on The World Students Society : wssciw.blogspot.com and Twitter - !E-WOW! - The Ecosystem 2011 :

''' Service - Support '''

Good Night and God Bless

SAM Daily Times - the Voice of the Voiceless
