
The United States offers a $15 million reward and goes head-to-head with a hacking organization, sounding the alarm bell for industrial security? | Lei Feng network

On the 4th, local time, the US State Department announced a reward of $10 million for information on the identity and location of the senior leaders of the cybercrime organization DarkSide. The FBI says the group is based in Russia.

In addition, the State Department has pledged to pay an additional $5 million for information on the individuals involved in DarkSide's May hack of the Colonial Pipeline system.

U.S. State Department spokesman Price said in a statement that by offering this reward, the United States demonstrates its ongoing commitment to protecting ransomware victims around the world from exploitation by cybercriminals.

The total amount of these two rewards is about 96 million yuan. Why has the United States put such a large bounty on this hacking group? What happened in May that made the United States furious?

The fuse

In May, DarkSide launched a ransomware attack on Colonial Pipeline, forcing the closure of the largest U.S. pipeline. Gasoline prices soared, panic buying and regional fuel shortages hit the southeastern United States, and many parts of the country were plunged into a state of emergency.

The group hacked into the network of Colonial Pipeline on May 6 and stole nearly 100 GB of data. The hackers implanted ransomware into the targeted systems and demanded that the victim pay for decryption, otherwise the data would be leaked to the Internet. Colonial Pipeline was forced to pay the cybercriminal group $5 million in cryptocurrency as a ransom before getting the keys to unlock its network.

Although the U.S. Department of Justice said it had recovered about $2.3 million of the ransom in June, the attack still thoroughly angered the United States.

U.S. President Joe Biden slammed the attack on the pipeline as "a criminal act."

It is understood that DarkSide first appeared in August 2020 as an up-and-coming ransomware gang. It uses the ransomware-as-a-service (RaaS) model for various criminal activities and specifically targets businesses that are able to pay large ransoms, stealing data while encrypting it and threatening to make the data public if the ransom is not paid. According to the DarkSide group, its ransomware has the fastest encryption speed on the market and comes in Windows and Linux versions.

Since its inception, the group has been rampantly active, causing headaches for business organizations in various countries.

In November 2020, the DarkSide ransomware gang claimed that it was building a distributed storage system in Iran to store and leak data stolen from victims. It also recruits developers for programming work and members to carry out corporate intrusions; both developers and members are paid a certain percentage.

On April 20, 2021, the DarkSide gang used cyberattacks to short publicly listed companies (such as those listed on the NASDAQ or other stock markets), driving down the target company's stock price and thereby increasing the pressure on the victims.

On April 28, 2021, the DarkSide gang was suspected of attacking the Italian credit bank Banca di Credito Cooperativo, paralyzing the bank's 188 branches.

The group has previously attacked more than 40 victim organizations and demanded ransoms of $20-20 million.

Ransomware attacks differ from traditional cyber attacks in that the attacker does not pry open your safe, but builds a bigger safe around it and locks yours inside, so that neither the attacker nor you can use it, and you have to pay a ransom.

In May 2021, the world's largest meat supplier, JBS, was attacked by ransomware. U.S. software developer Kaseya was held to ransom, with the attackers demanding up to $70 million. A few weeks ago, Sinclair Broadcast Group, one of the largest U.S. television operators, also said it had been attacked by ransomware, with data on some of its servers and workstations encrypted and its office and operational networks disrupted. A few days earlier, the ransomware gang Grief claimed to have "hit" the National Rifle Association (NRA) in an attack.

One extortion attack after another finally became intolerable for the United States. Maybe this is just the beginning, starting with the most high-profile hacking group.

Of course, the United States calls DarkSide a Russian organization; whether that is due to political considerations we do not know, because there is no definite evidence. DarkSide, for its part, declares: "Our goal is to make money, not to create trouble for society, nor to act politically." The question remains unsettled.

Sounding the alarm bell for industrial security

According to incomplete statistics, there will be a ransomware attack every 11 seconds in 2021, and the economic loss caused by the ransomware attack may reach $900 billion worldwide.

At present, ransomware attacks have evolved into a global security problem, and extortion attacks have evolved towards specialization and organization.

With the development of blockchain, Bitcoin and other technologies, ransom payments are becoming more hidden and faster, and ransom demands are getting higher and higher. Hackers earn high payouts and gradually split into more specialized roles, forming a complete industrial chain.

Today, extortion attacks have penetrated a variety of key industrial fields, such as energy, transportation, communications, medical care, and industry. These sectors control the lifeblood of a city's operation and have become the targets of extortion attacks.

In addition to the above-mentioned Colonial Pipeline incident, Maersk Group, the world's largest shipping company, was attacked by the Petya ransomware in 2017. The company's systems were forced to shut down, affecting the operation of 76 ports around the world, and the attack eventually led to losses of 200 million to 300 million US dollars.

Some traditional manufacturing industries also rely on traditional IT and are often targeted by hackers. Because manufacturing is interrelated, if one factory is targeted by hackers, the entire industrial chain will be affected.

Lei Feng Network believes that as digital transformation deepens, network security should become the most basic guarantee for enterprises; only with a secure rear can they run faster and farther on the digital track.
