93 matches found
FBI Claws Back Millions of DarkSide’s Ransom Profits
United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice DOJ and FBI announced in a joint press conference on Monday. “Today we turned the tables on DarkSide,” FBI Deputy Director...
This Week in Security News June 4, 2021
Cyberattack hits JBS meat works in Australia, North America and DarkSide Targets Virtual Machines...
Podcast: The State of Ransomware
Last month, ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. The attack on a major U.S. oil pipeline had widespread ripples: it prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas...
DarkSide on Linux: Virtual Machines Targeted
We focus on the behavior of the DarkSide variant that targets Linux. We discuss how it targets virtual machine-related files on VMware ESXI servers, parses its embedded configuration, kills virtual machines VMs, encrypts files on the infected machine, collects system information, and sends it to...
Colonial Pipeline attack spurs new rules for critical infrastructure
Following a devastating cyberattack on the Colonial Pipeline, the Transportation Security Administration—which sits within the government’s Department of Homeland Security—will issue its first-ever cybersecurity directive for pipeline companies in the United States, according to exclusive reporti...
A week in security (May 17 – May 23)
Last week on Malwarebytes Labs, we looked at a banking trojan full of nasty tricks, explained some tips and pointers for using VirusTotal, and dug into how an authentication vulnerability was patched by Pega Infinity. We also explored how a Royal Mail phish deploys evasion tricks to avoid analysi...
DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months
DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were...
Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware
CISA and the Federal Bureau of Investigation FBI have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise...
DarkSide Hits Toshiba; XSS Forum Bans Ransomware
For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business. Late on Thursday night came a post to the “Exploit” underground forum that looked, at least, to be from DarkSide. It described how the...
Try This One Weird Trick Russian Hackers Hate
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types o...
A week in security (May 10 – 16)
Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the...
DarkSide ransomware call it quits after Bitcoin, servers are seized
By Habiba Rashid DarkSide Ransomware gang was behind the recent Colonial Pipeline cyberattack. This is a post from HackRead.com Read the original post: DarkSide ransomware call it quits after Bitcoin, servers are seized...
DarkSide Suffers ‘Oh, Crap!’ Server Shutdowns
DarkSide, the ransomware-as-a-server RaaS gang that crippled Colonial Pipeline Co. a week ago, extorted around $5 million, and sent the fuel company a decryption tool that reportedly could barely limp through the process of unlocking files, has now been paralyzed itself. In the wee hours of Frida...
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained th...
Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals
Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to regain control of its computer networks. "Following this restart, it will take several...
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
Colonial Pipeline Co., operator of the largest U.S. fuel pipeline, reportedly paid $5 million to criminals behind a ransomware attack that has sent fuel prices spiking up and down the East Coast. Sources familiar with the payout told Bloomberg that representatives of Colonial Pipeline paid the...
Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags
Colonial Pipeline Co. may have turned off the tap following Friday’s ransomware attack, but the news about the devastating assault keeps gushing. In the wake of the DarkSide cyberattack, President Biden signed an executive order Wednesday aimed at bolstering the federal government’s cyber defense...
Threat spotlight: DarkSide, the ransomware used in the Colonial Pipeline attack
Late last week, the business network systems of Colonial Pipeline, the biggest supplier of fuels on the East Coast of the United States, were compromised due to a ransomware attack, forcing the company to temporarily shut down its operations while investigations are underway. Monday morning,...
What We Know About the DarkSide Ransomware and the US Pipeline Attack
Trend Micro Research found dozens of DarkSide ransomware samples in the wild and investigated how the ransomware group operates and what organizations it typically targets...
A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Heres a closer look at the DarkSide...