DarkSide Ransomware Hit Colonial Pipeline and Created an Unholy Mess
DarkSide was a testament to this implementation problem even before the Colonial Pipeline attack. The group targets English-speaking organizations almost exclusively and is believed to be a criminal operation based in Russia or Eastern Europe. DarkSide malware was built to perform language checks and to shut down if it detects Russian, Ukrainian, Belarusian, Armenian, Georgian, Kazakh, Turkmen, Romanian, and other languages associated with Russian geopolitical interests. The Kremlin has historically allowed cybercriminals to operate indefinitely within its borders, as long as they do not go after their countrymen.
DarkSide’s revenue-sharing business model makes it difficult to determine who is behind any given DarkSide attack, and it gives everyone involved adequate insulation. The existence of ransomware rental services also shows how established and profitable these attacks have become. Members of DarkSide were stealing point-of-sale credit card data and carrying out ATM cash-out attacks years ago, says Adam Meyers, vice president of intelligence for security firm CrowdStrike, which tracks DarkSide activity under the name Carbon Spider. “Ransomware has come into play because there’s a lot of money,” Meyers says.