The FBI and CISA have jointly issued a security advisory following the catastrophic attack on Colonial Pipeline by DarkSide ransomware. The advisory was published yesterday and describes how the DarkSide group operates a Ransomware-as-a-Service (RaaS) network.
DarkSide is responsible for the recent attack on Colonial Pipeline. Last week the company, which operates the largest fuel pipeline in the US, said that a cyber attack had forced it to halt operations and shut down its IT systems to keep the malware from spreading.
The FBI is handling the case, since the attack targeted the country's critical infrastructure.
"Cybercriminals use DarkSide to gain access to a victim's network and to encrypt and steal data", the advisory states. "These groups then threaten to expose the data if the victim does not pay the ransom. The groups running DarkSide have recently targeted organizations in various sectors, such as manufacturing, legal and insurance firms, healthcare and energy".
DarkSide ransomware is supplied to affiliates under the RaaS model. This criminal business model is popular because it requires only a core malware development team; the finished ransomware is then handed to other criminals, who carry out the actual intrusions.
In a RaaS operation, the developers provide the ransomware to affiliates and are paid either a fixed fee or a percentage of the ransoms those affiliates collect from victims, while the developers keep improving the malware.
The DarkSide operators claim to provide the ransomware only to affiliates who do not target medical organizations, hospitals or care providers. They have distanced themselves from the Colonial Pipeline attack (the company is the country's main fuel supplier) and have blamed an affiliate for it, without giving further details.
"Our goal is to make money and not to create problems for society", said the DarkSide gang.
The FBI and CISA also propose practices to prevent or mitigate the ransomware threat, particularly for critical-infrastructure organizations.
Among other things, they advise organizations to remain vigilant and monitor their systems, and they stress the need for network segmentation and regular backups. Their recommendations also include:
- Multi-factor authentication
- Spam filters to mitigate phishing, and filtering of network traffic
- Cybersecurity education and awareness training for employees
- Timely updates and patching of systems
- Implementation of security controls and risk assessments
- Restrictions on RDP access
"CISA and the FBI do not encourage paying ransoms to criminals", the agencies added. "Paying a ransom may embolden adversaries to target additional organizations, encourage other criminals to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that the victim's files will be recovered".