The DarkSide ransomware gang must be shitting itself right now

Graham Cluley
@gcluley

The DarkSide ransomware gang must be shitting itself right now

The disruption caused to the Colonial Pipeline on the east coast of the United States following a ransomware attack is understandably huge news, with President Joe Biden himself saying publicly that he is taking an active interest and is being briefed on a regular basis about the situation.

Meanwhile, in a terse statement, the FBI says it has confirmed that the DarkSide ransomware gang was responsible for the attack on Colonial Pipeline’s network.

So, what do you do if you’re a ransomware gang which has just caught the attention of not just the world’s media, but also the FBI and the President of the United States?

My hunch is that you would be shitting yourself.

Sign up to our newsletter
Security news, advice, and tips.

Sure enough, check out the statement in rather broken English that DarkSide has published on the website where it normally leaks data stolen from compromised organisations.

We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment and look for other our motives. Our goal is to make money. and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

If that doesn’t sound like a ransomware gang knowing that it might have bitten off more than it can chew, I’m not sure what does.

Previously, DarkSide has claimed on its professional-looking website that it will not target medical facilities, funeral services, educational establishments, non-profit organisations, and governments.

If I were a member of the DarkSide gang I’d certainly be worried that US law enforcement are likely to be putting significant resources into uncovering my identity, and that someone might be tempted to share information about me with the Feds.

Further reading: Report: Colonial Pipeline paid ransomware attackers $5 million, but still had to rely on its own backups.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

7 comments on “The DarkSide ransomware gang must be shitting itself right now”

  1. I don't know. There are lots of ramsomeware groups that have been way more successful. Darkside has hit energy sector companies previously. Revil group has as well.

    There are ransomeware groups sanctioned that are still carrying out attacks.

    It would be interesting to learn how initial access was gained and what controls where invested in to prevent ransomware.

    Their TTPs are well known. I wonder what due diligence and due care was invested in.

  2. You can bet that the 3 letter agencies know who these people are, where they live, who they associate with, where their servers are hosted and a heap of other things. Given high power satellite imagery they most likely also know what they people look like and their daily routines. The US has sent in snatch squads to apprehend and bring to justice some of the more blatant perpetrators of cyber crimes such as Roman Saleznev, the son of a close Putin ally, who was renditioned from his beachfront villa during a family vacation. We have seen the use of drones and hellfire missiles to take out other wanted perpetrators such as British bon Junaid Hussain as he walked down a street in Raffa, Syria. The IDF has dropped much larger ordinance to take out cyberHQ.com while it planned cyber attacks against critical infrastructure, and plainly there is a universal red line when it comes to attacks against any nation's critical infrastructure. The US has reserved the right to retaliate against cyber-attacks with military force since 2011 and if I were a prominent member of DarkSide I would be investing in a former ICBM silo or fallout shelter to spend the rest of my life.

    But the problem of cyber attacks is now endemic. Some states have conveniently turned a blind eye to the harboring of wanted cybercriminals and may now as a result face, the consequences of their inaction to bring these perpetrators to justice. Whether that is in the form of extrajudicial actions by the international community or by punitive trade measures and sanctions to persuade leaders to adhere to the international rules based order is currently up to them – but not for long. Just like the operators of pipelines and hospitals, pariah states and the criminals they harbor seem to be under an illusion that it will never happen to them.

    1. This hack constitues an act of war. The United States should declare war on the Darkside group and use any means necessary to wipe them out.

  3. I would say that whatever countries (Russia?) are known to harbor these individuals should feel the full weight of sanctions and other appropriate actions. This causes real economic damage, same as if an oil terminal was blown up. It needs to end.

  4. To bad they have to use the name The Darkside. Cause I was a firm believer that The Darkside did nothing wrong and the Rebel Aliance were the bad guys. I really hope they become Targets and not by the government but some rogue squad of people who are very upset with their actions. However they will end up being recruiter by some Three letter Agency or some Cyber Security place with no consequences.

  5. Put a ridiculously high price on their heads. Apprehend them. Hang them high with cameras in their face and televise it globally so the entire world can look into their eyes as they die. Don't give them proper burial just leave them hanging til there's nothing but bones. Tell everyone we will never pay one penny in ransom but we WILL pay billions to apprehend these people and make them TV stars.

  6. The darkside perpetrators are subject to the rule of law like every other criminal.. They should be caught and prosecuted. those of you who want excessive actions seem to miss that America is a country of laws. Last I heard cybernetic was not a capital offense.

    The real issue here is that American companies are so shortsighted "it won't happen to us" that they don't spend the time and money to prevent this from happening . It is preventable. The citizens are so full of themselves "how dare they attack us" that they don't demand the companies fix the problem. Example : how in this day and age can a scammer call my cell phone and present someone else's phone number. An ounce of prevention equals a pound of repair.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.