6/07/2021

Headline, June 08 2021/ ''' '' DARK SIDE DAMN '' '''






'' WELCOME TO DARKSIDE '' : THE FIRST THING THE VICTIM SEES on the screen is a ransom letter with instructions and gentle threats.

' Welcome to DarkSide,' the letter says in English before explaining that the victim's computers and servers had been encrypted and any backups deleted.

To decrypt the information, victims are directed to a website where they must enter a special pass key. The letter makes clear that they can call on a tech support team if they should run into any problems.

'' !!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself,'' the letter says. ''WE WILL NOT be able to RESTORE them.''

The DarkSide software not only locks victims' computer systems, it also steals proprietary data, allowing affiliates to demand payment not only for unlocking the systems but also for refraining from releasing sensitive information publicly.

In the chat log viewed by The Times, a DarkSide customer support employee boasted to Woris that he had been involved in more than 300 ransom attacks and tried to put him at ease.

''We're just as interested in the proceeds as you are,'' the employee said.

Together, they had hatched the plan to put the squeeze on the publishing company, a nearly century-old, family-owned business with only a few hundred employees.

Negotiations over the ransom with DarkSide lasted for 22 days and were carried out over email or on the gang's blog with a hacker or hackers who spoke only in mangled English, said the company's spokesman. Negotiations broke down sometime in March over the company's refusal to pay the $1.75 million ransom.

DarkSide, it seems, was livid and threatened to leak the news of the ransomware attack to the news media.

'' Ignoring is a very bad strategy for you. You don't have much time,'' DarkSide wrote in an email. ''After two days we will make you blog post public and send this news for all big mass media. And everyone will see you catastrophic data leak.'' 

For all the strong-arm tactics, DarkSide was not completely without a moral compass. In a list of rules posted to the dashboard, the group said any attacks against educational, medical or government targets were forbidden.

Another important rule adopted by DarkSide, along with most other Russian-speaking cybercriminal groups, underscores a reality about modern-day cybercrime. Anyone living in the Commonwealth of Independent States, a collection of former Soviet republics, is strictly off limits to attacks.

Cybersecurity experts say the ''don't work.ru'' stricture, a reference to Russia's national domain suffix, has become de rigueur in the Russian-speaking hacking community, to avoid entanglements with Russian law enforcement.

The Russian authorities have made it clear they will rarely prosecute cybercriminals for ransomware attacks and other cybercrimes outside Russia.

As a result Russia has become a global hub for ransomware attacks, experts say.

The cybersecurity firm Recorded Future, based outside Boston, tracks about 25 ransomware groups, of which about 15 - including the five biggest - are believed to be based in Russia or elsewhere in the former Soviet Union, said a threat intelligence expert for the firm, Dmitry Smilyanets.

Mr. Smilyanets is himself a former hacker from Russia who spent four years in U.S. federal custody for cybercrimes. Russia in particular has become a ''greenhouse'' for cybercriminals, he said.

''An atmosphere was created in Russia in which cybercriminals felt great and could thrive,'' Mr. Smilyanets said. ''When someone is comfortable and confident that he won't be arrested the next day, he starts to act more freely and more brazenly.''

This month, DarkSide's support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States.

In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

''There is now the option to leave a tip for Support under 'payments,' '' the posting said. ''It's optional, but Support would be happy :).''

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract a payment from the publishing company, reached out to customer service, apparently concerned.

''Hi, how's it going,'' he wrote. ''They hit you hard.''

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

''The price is negotiable,'' DarkSide wrote. ''By fully launching an analogous partnership program it's possible to make profit of $5 million a month.''

The Serving of this Latest Global Operational Research on Cybercrimes, Ransomware and Modern Day Future, continues.

With respectful dedication to the Students, Professors and Teachers of the world. See Ya all prepare and register for Great Global Elections on The World Students Society : wssciw.blogspot.com and Twitter - !E-WOW! - The Ecosystem 2011 : 

''' Attacks - Attires '''

Good Night and God Bless

SAM Daily Times - the Voice of the Voiceless
