It takes a considerable level of audacity to mess with companies as powerful as oil and gas pipeline owners. But that’s what makes them lucrative targets—their riches!

Is DarkSide Ransomware some modern-day Robin Hood? Or is there something darker looming in the abyss of their anonymity?

The Story of the Colonial Pipeline Attack

From May 6, 2021, to May 12, 2021, the supply of gasoline and jet fuel from Texas to the southeastern US was disrupted.

The privately-owned company Colonial Pipeline faced a cyberattack which in turn stopped the supply of fuel from their main pipelines.

The company managed to keep one line operational through manual control; however, it is obvious that it wasn’t quite enough.


The hackers were able to infiltrate and take control of all the data, forcing Colonial Pipeline to freeze IT systems and operations—all thanks to DarkSide Ransomware.

What Is DarkSide Ransomware?

DarkSide Ransomware is a Ransomware-as-a-Service (RaaS) company that allows cybercriminals to target businesses that depend on digital infrastructure, and extort large amounts of money out of them.

When the Colonial Pipeline incident hit the news, there were three ways the DarkSide Ransomware tried to clear its name.

One way was to portray themselves as criminals with principles. The DarkSide claimed they never target hospitals, schools, government institutions, and anything that affects the public in general.

They said they take a business’s annual income into account while deciding the ransom to make sure the business can afford to pay the ransom.

The second way was to appear charitable. They claimed to have donated large amounts of stolen money to charities. This one was substantiated by proof posted on their website.

The problem with providing proof of donating stolen money to a certain charity program is that once it is proven that the sum was stolen, it is seized and returned, which means none of it is used by the charity.

The third attempt was their apology for the problems faced by the public. They said they miscalculated the impact it would have on people who depend on the supply of Colonial Pipeline.

Who Was Responsible for the Colonial Pipeline Attack?

Theories are popping up that DarkSide Ransomware originated somewhere in Eastern Europe. Some have been more specific in mentioning Russia and Ukraine.

A lot of people believe it has franchises in several countries including Iran and Poland. Who are these predators? And where is this company from? We have yet to find out.

All we know for now is that it is a company that provides an illegal service to all sorts of people, and the actual criminal behind the Colonial Pipeline attack can be anyone—even a person with no background in computer science.

How Does It All Work?

DarkSide Ransomware attacks follow a pattern. The first step is to gain access to all the data a business has. That is usually done through phishing, brute force (scripts that try every possible combination), and other means of breaking in.

Once they get access, their software encrypts every file in the database. On top of that, all the important files are copied and sent to the DarkSide group, which can later use them to blackmail the company.
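From the defender's side, the pattern above (a login after many failed attempts, then bulk copying of data out, then mass file rewriting) can be correlated per account. The Python below is an added example, not code from the original article or from any vendor; the event names, the key=value log layout, the thresholds, and the sample log are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry). The event names and key=value
# layout are assumptions; IP addresses come from documentation ranges.
SAMPLE_LOG = "\n".join(
    [f"2024-01-10T02:00:0{i} auth_fail user=svc_backup src=203.0.113.7" for i in range(5)]
    + [
        "2024-01-10T02:00:06 auth_ok user=svc_backup src=203.0.113.7",
        "2024-01-10T02:10:00 upload user=svc_backup bytes=400000000 dst=198.51.100.20",
        "2024-01-10T02:12:00 upload user=svc_backup bytes=300000000 dst=198.51.100.20",
        "2024-01-10T02:30:00 file_rewrite user=svc_backup path=/srv/share/a.xlsx",
        "2024-01-10T02:30:01 file_rewrite user=svc_backup path=/srv/share/b.docx",
        "2024-01-10T02:30:02 file_rewrite user=svc_backup path=/srv/share/c.pdf",
        "2024-01-10T09:00:00 auth_fail user=alice src=192.0.2.15",
        "2024-01-10T09:00:05 auth_ok user=alice src=192.0.2.15",
        "2024-01-10T09:05:00 upload user=alice bytes=900000000 dst=198.51.100.99",
    ]
)

FAIL_THRESHOLD = 5  # failed logins from one source that make a later success suspicious
# Per-account limits applied only after a suspicious login (kept small for the sample).
LIMITS = {
    "upload": (500_000_000, "bulk_data_copy_out"),  # total bytes sent out
    "file_rewrite": (3, "mass_file_rewrite"),       # number of files rewritten
}

def detect(log_text):
    """Return ordered (user, stage) alerts for the access -> copy -> encrypt pattern."""
    fails = defaultdict(int)   # (user, src) -> failures since last success
    totals = defaultdict(int)  # (user, event) -> running total after suspicious login
    suspicious, alerts = set(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        event = parts[1]
        f = dict(kv.split("=", 1) for kv in parts[2:] if "=" in kv)
        user, key = f.get("user"), (f.get("user"), f.get("src"))
        if event == "auth_fail":
            fails[key] += 1
        elif event == "auth_ok":
            if fails.pop(key, 0) >= FAIL_THRESHOLD:
                suspicious.add(user)
                alerts.append((user, "login_after_brute_force"))
        elif user in suspicious and event in LIMITS:
            limit, stage = LIMITS[event]
            totals[(user, event)] += int(f.get("bytes", 1))
            if totals[(user, event)] >= limit and (user, stage) not in alerts:
                alerts.append((user, stage))
    return alerts
```

In the sample, the account with a single mistyped password is not flagged even though it uploads more data, because the later stages only count after a suspicious login.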


In addition to losing access to its own data, operations, and systems, a company is under pressure to comply with every demand so that it does not end up in the news for having its security breached and data leaked.

Negotiations are made on calls, and most likely by agents of DarkSide ransomware. Once the amount is paid in cryptocurrency, and if the business is lucky, the data is decrypted.

Ransomware-as-a-Service Is on the Rise

The problem with DarkSide Ransomware is that it empowers criminals who previously didn’t have the skills to hack the entire systems of businesses.

The sad truth is, most of these criminals target small- to medium-sized businesses. And more often than not, they don't keep their word (about their policies and promises) either because of miscalculations or pure malice.