Many of the world’s largest cybercrime gangs continue to actively hack and extort victims, undeterred by the international spotlight after one of their peers hacked into an American fuel pipeline.
DarkSide, a Russian-affiliated hacker gang, went missing last week after hacking into Colonial Pipeline, which supplies fuel to much of the US east coast. The attack prompted the company to shut down operations for five days, leading to gas shortages in the United States and condemnation from President Joe Biden. Seemingly frightened, DarkSide, which had collected around $5 million in ransom from the company, said it was “apolitical” on its main website, which was quickly taken down.
But DarkSide is just one player in a flourishing scene of cybercrime groups. More notorious gangs are still active after the Colonial attack, based on evidence of their exploits, which many such groups post on blogs they maintain on the dark web.
The groups continue to publish information about the victims they hacked and actively extort American organizations. Like DarkSide, these gangs make money by infecting organizations with ransomware, which means they hack into them to encrypt and steal files. They demand money to make the victims’ files usable again, threatening to post private files if they don’t get paid quickly.
An effective ransomware attack can net hackers millions of dollars. Although some gangs, like DarkSide, code their hacking programs not to attack Russian victims, many ransomware groups have few qualms about who they hit, as long as they can potentially turn a profit.
A gang with a history of hacking hospitals during the coronavirus pandemic has in recent months devastated a hospital that serves the Navajo Nation and released sensitive patient records from other U.S. hospitals that failed to pay promptly. Last week it also hacked into Ireland’s national healthcare system, the Health Service Executive, or HSE, a spokesperson confirmed by text message. The service’s mail server is still offline due to the attack.
The attack, which the HSE announced on Friday, led to a number of appointment cancellations across six Irish hospitals. Irish Minister for Public Procurement and E-Government Ossian Smyth said it was “probably the biggest cybercrime attack against the Irish state”.
The gang has been active with extortion attempts on its website. As of May 13, it has released files from Bee County, Texas, a Utah farm equipment maker, an Australian butcher chain, and an Indian travel tech company, all as punishment for not paying.
Another prolific group is known to have recently hacked into a Taiwanese company that makes Apple computers and leaked previously private specifications. As of Saturday, it has posted evidence of at least four new victims on a dark web blog it maintains: a California sensor maker, a Texas homebuilding company, a Florida law firm, and an international customer experience consulting corporation.
A third gang last week released a vast trove of stolen documents from the Washington, DC Metropolitan Police Department after police allegedly offered just $100,000 to keep them private. On Friday, it disclosed files from two other victims: a New Jersey LED lighting maker and the U.S. branch of a Swiss automation company.
The websites of two small ransomware gangs were taken down over the weekend, prompting speculation that DarkSide’s demise marked the beginning of consequences for cybercriminals over their frenzy.
But the reality is probably bleaker, said Allan Liska, ransomware analyst at cybersecurity firm Recorded Future.
“The most likely scenario is that DarkSide rightly feared they had drawn too much attention, so they decided to shut down operations and empty their accounts,” Liska said. The other groups “were second-tier players – they won’t be missed.”