Security Researchers Dive Into DarkSide Ransomware (Security News, May 2021)
Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack.
DarkSide is run as a ransomware-as-a-service (RaaS) operation and follows the double-extortion model now typical of such enterprises: once the target systems have been compromised, data is exfiltrated and then encrypted, and the victim is given a means of contacting the attackers to receive the payment demand and to negotiate the ransom.
To date, DarkSide has been used in attacks targeting tens of organizations in the financial services, technology, legal, manufacturing, retail, and professional services sectors.
Security researchers with cybercrime intelligence firm Intel 471 say that, for initial access, the threat actors use access credentials purchased on underground forums, brute-force attacks, and spam email campaigns or botnets for malware delivery.
FireEye has analyzed the attacks associated with three DarkSide affiliates and found that dwell time varies widely by affiliate: one deployed the ransomware only three days after the initial compromise, while a more established adversary tends to lurk in compromised networks for months before doing the same.
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI released an alert to provide information on the best practices organizations should adopt to prevent falling victim to DarkSide ransomware attacks.