The DarkSide hacker gang reportedly responsible for the devastating attack on the Colonial Pipeline this weekend is a relatively new group, but cybersecurity analysts already know enough about them to determine how dangerous they are.
According to Boston-based Cybereason, DarkSide is an organized group of hackers set up on the “Ransomware as a Service” business model. This means that the DarkSide hackers develop, market and sell ransomware hacking tools to other criminals who then carry out attacks. Think of this as the evil twin of a Silicon Valley software startup.
Bloomberg first reported that DarkSide may have been involved in the attack on the Colonial Pipeline.
On Monday, Cybereason sent a new statement to CNBC from the DarkSide website apparently dealing with the Colonial Pipeline shutdown.
Under the heading, “On the Latest News,” DarkSide claimed it was not political and just wanted to make money without causing problems for society.
“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” the statement said. “Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid future social consequences.”
Cybereason reports that DarkSide has a perverse desire to be ethical and even publishes its own code of conduct for its customers, letting them know which targets are acceptable for attacks. Protected organizations that must not be harmed include hospitals, hospices, schools, universities, nonprofits, and government agencies. Organizations located in former Soviet countries are also apparently protected. So all profit-oriented companies in English-speaking countries are fair game.
DarkSide also claims that it will donate some of its profits to charities, although some of the charities have declined the contributions.
“No matter how bad you find our job, we are happy to know that we have helped change someone’s life,” wrote the hackers. “Today we broadcast [sic] the first donations.”
Cybereason found that the group is very professional, provides a help desk and phone number for victims, and has already released confidential data on more than 40 victims. It maintains a website called DarkSide Leaks, modeled after WikiLeaks, where the hackers publish the private information they have stolen from companies.
They perform “double blackmail,” which means that the hackers not only encrypt and lock the victim’s data, but also steal data and threaten to post it on the DarkSide Leaks website if companies don’t pay the ransom.
Typical ransom demands range from $200,000 to $20 million. According to Cybereason, the hackers gather detailed information about their victims to learn about the size and scope of the company, as well as the key decision-makers within it.
The hackers keep expanding: Cybereason reports that they recently released a new version of their malware, DarkSide 2.0.