Hi, it's Jamie on the cybersecurity team. There can be such a thing as too much attention. DarkSide and REvil, two of the most prominent ransomware hacker groups out there, have taken to the shadows to escape the spotlight they've garnered in recent weeks, according to analysts who track the groups. Between the two of them, they have managed to extort tens of millions of dollars from corporations including Colonial Pipeline Co. and JBS SA—and untold other victims who remain silent about the ransoms they've paid.

That the FBI was able to recoup some of DarkSide's winnings and seize some of its servers has cybercriminals rethinking their brazen approach, said Daniel Smith, head of research at cybersecurity firm Radware Ltd. "Ransomware for the last few months was kind of like drug dealers who were openly standing on the corner, selling drugs. And what has happened is that there is a lot of heat and attention on the corner and the dealers have had to leave," he said.

The groups have altered their tone on the dark web, he said, and when they talk about operations now, they cloak it in terms that suggest other activity, like penetration testing, which many firms carry out to legitimately test the fortitude of their systems. "There's been a change on these dark net forums, in criminal forums, and they are pulling back into the shadows, not talking directly about targeting victims with ransomware," Smith said.

Some of the Russian hacker forums have banned discussions of ransomware and blocked groups like DarkSide from contributing to conversations, said Jon DiMaggio, chief security strategist at Analyst1, who has long studied Russian cybercriminal activity. "There is a fear that wasn't there before," he said. "These guys are legitimately concerned right now compared to the normal tone of things."

Some of the conversations DiMaggio shared include chatter about the possibility of extradition to the U.S., how many years a hacker might spend in jail before being eligible for parole and whether the Russian government might turn on them because of political blowback.

Some of that blowback was evident when President Vladimir Putin met with President Joe Biden in Geneva on June 16. Biden asked Putin to consider how bad a pipeline disruption—as happened in the U.S. after the Colonial Pipeline hack—would be on the Russian economy. "He said it would matter," Biden told reporters. The two leaders agreed to assemble experts to work out what targets might be off limits. Biden said he would be able to track the strength of Putin's commitment by seeing whether he acts against hackers operating within his country's borders.

With all the attention, ransomware groups may be keeping a low profile at present, but Smith predicted it wouldn't last. "There's way too much money on the table for them to walk away," he said. "All these groups, all these operators and affiliates are making tons of money, and no one's leaving that."

—Jamie Tarabay