After a ransomware attack late last week, Colonial Pipeline and the U.S. government are under pressure to restore service to a pipeline that supplies fuel to about half of the East Coast. According to the FBI, the perpetrators are a notorious and brazen ransomware gang known as Darkside. And the consequences of their attack could spread far beyond their intended purpose.
Colonial Pipeline said it is hopeful it will restore full service by the end of the week. In the meantime, the Department of Transportation released emergency orders on Sunday permitting expanded oil distribution by truck. However, the real impact of the attack may be felt in the world of ransomware. Although several hackers have long engaged in reckless targeting, including a horrible rash of attacks on hospitals last fall, close observers said the pipeline incident could ultimately present a turning point.
Darkside emerged last August and announced itself with a veneer of professionalism and skill. At the time, it promised not to target healthcare providers, schools or businesses that could not afford to pay. A few months later, the group made a series of charitable grants, part of a long-term effort to manage its reputation. But as a ransomware-as-a-service operation, Darkside basically works on an affiliate model, lending its ransomware and infrastructure to criminal clients and taking a cut of what those clients earn from their attacks. On Monday, with increasing pressure from U.S. law enforcement and the White House itself, Darkside blamed its affiliates for the Colonial Pipeline hack and promised to monitor more closely the actors it deals with.
“We are politicians, not participating in geopolitics,” Darkside posted on Monday. “Our goal is not to make money and create problems for society. From today we introduce restraint and examine every organization that our partners want to encrypt to avoid future social consequences.”
The statement is reminiscent of any industry committing to self-policing as an alternative to government control. But even if you can take Darkside at its word, it does mean that some companies, if they are carefully selected, are somehow acceptable to target with ransomware.
Katie Nickels, director of intelligence at the security firm Red Canary, said: “It’s extremely difficult to say at least whether ransomware operators have to decide whether they are capable of compromising.”
Darkside’s dubious promise of self-regulation probably stemmed from concerns that hacking a critical infrastructure company and breaching a public service had finally crossed a red line, whether Darkside or one of its clients carried out the attack.
“I am not surprised,” said Brett Callow, a threat analyst at antivirus firm Emsisoft, adding that it was really a matter of time before large-scale infrastructure ransomware incidents occurred. “Darkside understands that this level of perception is not a good thing and can bring the government into action. They may have smaller attacks at the moment in the hope that they will be able to continue making money for longer.”
As Callow and other researchers emphasize, it is difficult to come up with meaningful definitions of ransomware and cyberattacks in general. Despite repeated wake-up calls and ransomware-related disasters, the government has not shown enough seriousness in trying to resolve the issue.
“One of the biggest challenges in cyber deterrence is attribution, and you can see that in this situation,” says Nickels of Red Canary. “In this situation, there are ransomware developers, their partners and clients and host countries ignoring their behavior. Who is to blame? Who should be prevented?”