A Closer Look at the DarkSide Ransomware Attack

Posted on July 14, 2021 in Security

As a business owner, you need to think about malware. Cybercriminal groups are becoming more and more sophisticated, and in recent years ransomware has become a very popular kind of cybercrime.

Ransomware attacks can cost companies hundreds of thousands of dollars in damages. In fact, it’s not unheard of for a ransomware attack to spell the end for a company.  

A cybercriminal group known as Darkside has recently started making targeted ransomware attacks. They deliberately target certain companies in an attempt to extort huge amounts of cash. 

This article tells you what you need to know about this criminal group and tells you how you can protect your company against these kinds of threats. 

Darkside Ransomware

A mysterious hacker group known as Darkside has been responsible for shutting down Colonial Pipeline. Colonial Pipeline operates a pipeline responsible for transporting gasoline from Texas to the East Coast. 

A ransomware attack from Darkside meant that the company had to suspend its operation. The attack was so significant that it had a noticeable impact on the US energy markets. 

While the attack didn’t reach the systems responsible for controlling the actual pipeline, these still had to be shut down for fear of the malware spreading.

The Biden administration took the attack very seriously. Emergency meetings took place at the White House over the weekend after the attack.

The attack has many companies around the US fearful that the same kind of thing could happen to them. 

So, What Is Ransomware?

Ransomware is a relatively new kind of malware whose use has grown exponentially. Essentially, it is a program that encrypts the files on an infected system. The victim can then only recover the files if they make a cash payment to the attackers.

Cybercriminals favor this kind of attack as it’s possible to make a lot of money. Many organizations are not prepared to handle this kind of attack, leaving them little choice but to pay for the ransom. 

The hacking groups are able to avoid detection because the ransom is paid anonymously to a cryptocurrency wallet. Unfortunately, paying the attackers doesn’t even guarantee that you’ll get your files back. In some cases, the ransomware program doesn’t even have the capability to decrypt your files.

Attackers may also program malware to spread through your network. This means that if one workstation gets malware, the malware could quickly spread through your whole organization. 

The Consequences of the Darkside Hack

The Darkside hack had many serious consequences for Colonial Pipeline. They lost out on business due to having to shut down for days. Not only did this impact the company, but it also had negative effects on the energy market as a whole.

This forced the company to shut down its operation completely to ensure the malware could not spread to other systems.

Besides the loss of income and damage to the market, Colonial Pipeline also seriously damaged its reputation. It quickly came to light that the company was victimized because of its poor security practices.

This is quite common with ransomware attacks. Companies tend to take serious risks with their security, and after a successful cyberattack, these poor practices come to light. 

It’s also not clear if Colonial Pipeline actually paid the ransom. It’s quite likely that they did. For many companies, the price of the ransom pales in comparison to the losses they’ll face without their data. 

Ransomware attackers know this. Sophisticated attackers may even do a lot of research about the company to figure out the right number to charge. 

Who Are Darkside?

As of right now, it’s still unclear exactly who Darkside are. Some people believe that they may be linked to Russia, but US intelligence services have yet to come to a conclusion. 

One of the big reasons that people suspect Russian involvement is because of how the malware works. Upon infecting a machine, the ransomware checks the system language. Systems set to Russian, Ukrainian, or Georgian are left alone.

On the other hand, if the system uses any other language, all of the files will be locked down. The organization seems to be related to the REvil ransomware group, which is notorious for ransomware-as-a-service. The code found in Darkside malware is remarkably similar to that used by REvil, which suggests there may be a link between the two groups.

Typically, Darkside makes ransom demands in the region of $200,000 to $1,000,000. This number is usually specifically formulated to increase the chance that the victims will pay. 

Darkside claim that they didn’t mean to attack critical US infrastructure. After the Colonial Pipeline hack, they claim they won’t target such things again. Officially, they claim they don’t target institutions such as hospitals or charities. 

They only target large corporations. Sometimes they offer to donate some of the funds they steal to charities, although charities generally don’t want to be associated with them.

Specific Targeting

One of the key things that makes Darkside such a threat is that they are very selective in who they target. Most ransomware developers prefer to cast a wide net in an attempt to hit as many targets as possible. 

Darkside, on the other hand, places a unique key in each ransom note. They take the time to understand who they’re attacking, and they make sure they attack in such a way that they’re more likely to get paid. 

If your company has lax security practices, word could get out to groups like Darkside, and this could lead to you becoming the victim of a cyberattack. It’s vital that you take measures to prevent your company from being targeted by these criminals.

Are They Linked to the Russian State?

It’s quite hard to say for certain whether or not Darkside is sanctioned by the Russian state. Due to the complex nature of the internet, it’s often very hard to establish where a particular group is located. 

For example, they might use a VPN to make it seem like they’re in another location. Even if you can prove that they’re in Russia, you can’t necessarily prove that the Russian state had anything to do with it. 

Often, cybercriminal groups are covertly supported by the state. US intelligence may heavily suspect that the group is linked to Russia, but it’s unlikely they’ll be able to prove it.

How to Protect Your Company

Thankfully, keeping your company safe from a ransomware attack is relatively simple. If you have backups of your data, you don’t even need to consider paying the ransom. You can simply revert to your last backup, and the ransomware attack is rendered useless. 

Unfortunately, many companies don’t want to invest in this kind of protection until it’s too late. A lot of companies tend to take a reactive approach, where they only implement defenses after they’ve fallen victim to ransomware. 

Attackers such as Darkside know this, and they’re deliberately targeting companies that don’t have backup systems in place. The only foolproof way to protect your company from these kinds of attackers is to have a comprehensive backup system in place. 

You also want to have good anti-virus software installed on all company workstations. With that said, don’t be fooled into thinking anti-virus software makes you immune from ransomware. 

Ransomware often uses new security vulnerabilities, which means that anti-virus software won’t be able to detect it initially. It’s only after people start to report the vulnerability that the anti-virus companies can start coding protection against it.

The only foolproof way to protect against ransomware is to properly back up your data. 

Look to the Cloud

One of the best ways to achieve this kind of data security is through cloud-based storage. When it is configured properly, cloud storage is essentially a “set and forget” system. You save all of your files as normal, but they’re also backed up to an off-site server. 

This renders a ransomware attack ineffective because you can simply load all of your old files from the cloud. A good cloud system will make multiple backups per day, so at worst, you’ll only lose a few hours of work. 
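The two sections above rest on one assumption: that the backup still contains good copies when you need them. A backup that simply mirrors your files to an off-site server will faithfully mirror encrypted files too, so what protects you is keeping every snapshot as a separate, never-overwritten version and checking its integrity before you trust a restore. The script below is an added example, not code from the original post or from any backup product; it uses only the Python standard library and constructs its own sample files in a temporary directory. It keeps numbered snapshots with a SHA-256 manifest, verifies a snapshot before restoring from it, and refuses to treat the current state as safe for pruning old snapshots when most known files have changed and now look encrypted (high byte entropy). The entropy threshold and change ratio are illustrative values, not figures from the article.

```python
"""Versioned backup store with integrity manifests (added example, standard library only)."""
import hashlib
import json
import math
import shutil
import tempfile
from pathlib import Path

ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data sits close to 8.0 (illustrative value)
MASS_CHANGE_RATIO = 0.5   # above this fraction of changed+high-entropy files, keep old snapshots


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p) for p in sorted(root.rglob("*")) if p.is_file()}


def load_manifest(snap: Path) -> dict:
    return json.loads((snap / "manifest.json").read_text())


def take_snapshot(src: Path, store: Path) -> Path:
    """Copy src into a new snapshot directory (never overwriting an earlier one) plus its manifest."""
    store.mkdir(parents=True, exist_ok=True)
    existing = [p for p in store.iterdir() if p.is_dir()]
    snap = store / f"snap-{len(existing):04d}"
    shutil.copytree(src, snap / "data")
    (snap / "manifest.json").write_text(json.dumps(build_manifest(src), indent=1))
    return snap


def verify_snapshot(snap: Path) -> list:
    """Relative paths whose stored copy is missing, altered, or not listed in the manifest."""
    manifest, data = load_manifest(snap), snap / "data"
    bad = [rel for rel, digest in manifest.items()
           if not (data / rel).is_file() or sha256_file(data / rel) != digest]
    bad += [str(p.relative_to(data)) for p in data.rglob("*")
            if p.is_file() and str(p.relative_to(data)) not in manifest]
    return sorted(bad)


def suspicious_change_ratio(src: Path, last_manifest: dict) -> float:
    """Fraction of files from the last snapshot that changed AND now look encrypted."""
    if not last_manifest:
        return 0.0
    flagged = sum(1 for rel, digest in last_manifest.items()
                  if (src / rel).is_file() and sha256_file(src / rel) != digest
                  and shannon_entropy((src / rel).read_bytes()) > ENTROPY_THRESHOLD)
    return flagged / len(last_manifest)


def restore(snap: Path, dest: Path) -> int:
    """Restore only from a snapshot that passes verification; returns the number of files restored."""
    bad = verify_snapshot(snap)
    if bad:
        raise RuntimeError(f"snapshot {snap.name} failed integrity check: {bad}")
    shutil.copytree(snap / "data", dest)
    return sum(1 for p in dest.rglob("*") if p.is_file())


def _pseudorandom(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes (hash chain) used only to simulate an encrypted file."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def demo() -> dict:
    """Constructed end-to-end run: clean snapshot, files overwritten with high-entropy data, restore."""
    root = Path(tempfile.mkdtemp())
    src, store, dest = root / "docs", root / "backups", root / "restored"
    src.mkdir()
    for i in range(4):  # constructed low-entropy sample documents
        (src / f"report{i}.txt").write_bytes(f"quarterly figures {i}\n".encode() * 200)
    good = take_snapshot(src, store)
    clean_ratio = suspicious_change_ratio(src, load_manifest(good))
    for p in src.glob("*.txt"):  # simulate the effect of encryption on the live files
        p.write_bytes(_pseudorandom(len(p.read_bytes()), p.name.encode()))
    post_ratio = suspicious_change_ratio(src, load_manifest(good))
    bad_snap = take_snapshot(src, store)          # a naive mirror would now hold only ciphertext
    with (bad_snap / "data" / "report0.txt").open("ab") as f:
        f.write(b"!")                              # simulate storage corruption of one stored copy
    return {
        "good_snapshot_ok": verify_snapshot(good) == [],
        "clean_ratio": clean_ratio,
        "post_ratio": post_ratio,
        "prune_allowed": post_ratio < MASS_CHANGE_RATIO,
        "corrupted_detected": verify_snapshot(bad_snap),
        "restored": restore(good, dest),
        "restore_matches_manifest": build_manifest(dest) == load_manifest(good),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The design point is that `take_snapshot` never reuses a directory name and `restore` refuses an unverified snapshot, so the last good copy survives a later snapshot full of encrypted files. `suspicious_change_ratio` is the check a practitioner would wire into the retention job: when it crosses the threshold, stop pruning old snapshots and raise an alert rather than letting the versioned store age out the only clean copies.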

With ransomware-as-a-service growing in popularity, it’s vital that you take proactive measures today before you become a victim. 

Take Action Today

If you’re concerned about the impact that groups like Darkside may have on your company, you should take action today. Consider working with a managed IT company to set up cyber defenses and an automated backup system. 

Many companies don’t spend money on cybersecurity until it’s too late. Get in touch with us today, and we can make your company virtually immune to ransomware tactics.