Scott Jasper
Last May, Americans up and down the East Coast waited in long lines for gas. The panic wasn’t caused by a foreign war or sanctions but by a Russian ransomware attack. The Russia-based criminal group DarkSide had infected Colonial Pipeline with ransomware and demanded millions of dollars to unlock its information technology (IT) systems. Colonial shut down the flow of fuel from the Gulf Coast for a week, even after paying the hackers roughly $5 million.
Soon after, DarkSide went dark when its blog site and payment server were taken down by its service provider. However, the group adapted. It rebranded as BlackMatter in an attempt to avoid law enforcement. That tactic worked until Russian authorities arrested a DarkSide hacker behind the Colonial Pipeline attack in January, after President Joe Biden asked President Vladimir Putin to crack down on Russian cyber criminals.
Another prolific ransomware operation, named Conti and run by a Russian cybercrime syndicate, chose a different, more clever strategy to continue operating in the face of law enforcement efforts to stop it. Conti drew undue attention after the Russian invasion of Ukraine by officially announcing full support for the Russian government and declaring that it would strike back at the critical infrastructure of any country that decided to organize war activities against Russia. In response, an infuriated Ukrainian security researcher leaked thousands of internal Conti messages along with the source code for the Conti ransomware encryptor and decryptor.