A hacker group that blackmails the United States

Origin
DarkSide first announced themselves in August 2020, when they publicly presented their malware. The product was offered as RaaS (ransomware-as-a-service). After that, the group gained popularity because its operations were carried out efficiently and, most importantly, professionally. It is also notable that the group has consistently extorted large sums of money from companies: before attacking a victim, the hackers carefully analyze its financial position.

It is believed that the name DarkSide originated from the Star Wars film series.

Contrary to many beliefs, there is no evidence that the organization includes former IT security professionals. But from how the operations are carried out, we can conclude that the members of the group are well versed in security technologies, have a deep understanding of infrastructure, and analyze the weaknesses of future victims in advance.

DarkSide made a public statement that they are not going to attack hospitals, educational institutions, non-profit companies and government agencies. They prefer to target rather large organizations from which they can extort large sums of money.

According to The New York Times, the group appears to be Russian-based. This conclusion was drawn after it became clear that the malware checks the language settings of the device before an attack and never attacks Russian users. Also, on various forums, representatives of the organization communicated in Russian. In addition, on the same forums it was said that new specialists were being recruited from Russia.

The assumption that the organization is Russian was put forward by a journalist from The New York Times. This, of course, does not mean that DarkSide is a 100% Russian organization; it is extremely difficult to draw any firm conclusions here, and most likely we will never find out the truth.

Ransomware virus
It might seem that DarkSide are the pioneers who invented this kind of malware in order to extort large sums of money. In reality, things are a little different. In 2017, a ransomware virus called NotPetya made billions of dollars for its creators, and its principle of operation was the same as that of today's DarkSide. There are many similar examples, but in 2019 the ransomware industry evolved into something qualitatively new.

The basis was laid by the now closed group Maze. They actively interacted with the media and ran their own PR service. Their PR people defended the group's reputation and debunked myths whenever false reports about the hackers' activities appeared. Soon this way of operating was adopted by other hacker organizations, including DarkSide.

The organizers of such groups create cloud platforms on which they provide a payment gateway and money-distribution chains. Affiliates then take the software and exploit vulnerabilities that they found or bought, and as a result the virus is launched into the company's network. Such company vulnerabilities are usually found by penetration testers. One such vulnerability can cost $1,000 or even tens of thousands of dollars.

When the hack is successful, a negotiating firm joins in: it communicates with the victim and then helps the company pay off the hackers. The money received as a result of the negotiations is then divided between the one who performed the hack and the one who developed the software. The catch is that even after the hackers receive the money, all the data they managed to download during the intrusion remains on their servers, which are controlled by the creators of the organization. This is done so that the affiliates maintain their reputation and so that there is a guarantee for the victim while negotiations are taking place. It is almost impossible to reveal who is behind all these extortions, since, as a rule, many people stand behind a particular group. Even if specific hackers who performed the intrusion or cashed out the money are caught, it will not be possible to reach their customers, because real names are not used on the network and the performers often know each other only by nicknames.

What DarkSide does today
DarkSide is a hacker organization that positions itself as a corporation. They actively promote their movement on the Internet. They even do charity work.

In May of this year, many media outlets around the world started talking about the organization. This happened thanks to their hacking of the largest supplier of petroleum products in the United States, Colonial Pipeline. What is Colonial Pipeline? It is the company that operates the pipeline supplying fuel to the entire US East Coast, which accounts for 45% of the region's refined fuel.

The attack took place on May 7. DarkSide hackers launched a ransomware virus into Colonial Pipeline's computers, thereby blocking the entire system. Along with this, they exfiltrated about 100 gigabytes of company data. A regional emergency was declared in 19 states in order to organize the delivery of fuel and oil products by tank truck. Truck drivers were allowed to work overtime, but with mandatory overnight rest. This eased the situation in the country a little. It is worth noting that a few days before this attack, DarkSide carried out an attack on the French division of the Toshiba corporation. About 740 GB was downloaded from the corporation's servers, including scans of passports and various personal information of employees.

The situation with Colonial Pipeline ended with the hacker group ceasing to function and announcing its dissolution. This was due to growing pressure on the organization from law enforcement agencies. It should be remembered that this practice is not uncommon among hacker groups: they disband for a short time and then return under a new name. It is worth noting that before its announcement of dissolution, DarkSide managed to receive $5 million in cryptocurrency from Colonial Pipeline, after which they restored the systems and computers to working order.

Conclusion
Let's briefly summarize everything said above. Cybercrime stopped being a rarity a long time ago. Time goes by and cybersecurity seems to be at its highest level, but hacker organizations do not stand still: they develop new software, ransomware and other malicious applications every day. In order not to become their victim, you must always remember the precautions.