Hackers behind ransomware attack 'new but experienced'

WASHINGTON • The hackers linked to the extortion attempt that has snared fuel deliveries in the United States' East Coast may be new, but that does not mean they are amateurs.
Who precisely is behind the disruptive intrusion into the Colonial Pipeline has not been made officially known and digital attribution can be tricky early on in an investigation. A former US official and two industry sources have told Reuters that the group DarkSide is among the suspects.
Cyber-security experts who have tracked DarkSide said it appears to be composed of veteran cyber criminals who are focused on squeezing as much money as they can from their targets.
"They're very new, but they're very organised," said Mr Lior Div, chief executive of Boston-based security firm Cybereason.
"It looks like someone who's been there, done that."
DarkSide is one of a number of increasingly professionalised groups of digital extortionists, with a mailing list, a press centre, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.
Experts said DarkSide was likely composed of ransomware veterans and that it came out of nowhere last year and unleashed a digital crime wave.
Mr Div said more than 10 of his firm's customers have fought off break-in attempts from the group in the past few months.
Ransom software works by encrypting victims' data. Typically, hackers will then offer the victim a key in return for payments that run into the hundreds of thousands or even millions of dollars.
If the victim resists, hackers pile on the pressure by threatening to leak confidential data.
DarkSide's site on the Dark Web hints at its hackers' past crimes and claims they had made millions from extortion but gave anonymous donations to charity.
The site also features a Hall of Shame-style gallery of leaked data from victims who have not paid up, advertising stolen documents from more than 80 companies across the US and Europe.
In some ways, DarkSide is hard to distinguish from a crowded field of Internet extortionists.
Mr Div said what does set them apart is the intelligence work they do against their targets.
They know who is the manager, who they are speaking to, where the money is and who is the decision-maker, he added.
In that respect, Mr Div said, the targeting of the pipeline, with its potentially massive knock-on consequences for Americans, may have been a miscalculation.
"It's not good for business for them when the US government becomes involved, when the Federal Bureau of Investigation becomes involved."
REUTERS