In May 2021, a ransomware attack on Colonial Pipeline financial computer systems shut down its operations for two days. Because it supplies nearly half the fuel for the U.S. East Coast, the attack was so devastating that the Federal Motor Carrier Safety Administration (FMCSA) declared a state of emergency in 18 states to help with the gas shortages. Meanwhile, the company was losing nearly $1.4 million a day. The hackers knew the company would pay the $5 million ransom to get its system back up quickly.
While the Colonial Pipeline ransomware attack grabbed the headlines, there were nearly 90 other ransomware attacks launched from the same organization — DarkSide, according to the FBI. If you’re not yet familiar with DarkSide, it’s time to get to know your potential future adversary, and learn how to defend yourself.
DarkSide is one of several new conglomerates that provide “Ransomware as a Service.” These organizations supply everything hackers need to launch successful attacks — from an admin control panel to a cloud infrastructure to payment systems.
DarkSide is such a sophisticated and brazen operation that it sent out a quasi-press release when it launched in August 2020. Among the ironic services it offers are web chat support for the victims of its affiliates, and an intricate dark leak storage system with redundancy. For all its menace, the conglomerate professes to operate under a limited list of moral guidelines. It says its affiliates won’t attack hospitals, schools, non-profits and governments — or Russia-based organizations.
In a continuing discussion on cybersecurity with leading thinkers, we invited Dale Taylor, Senior Solution Engineer, Specialty Domain - Rackspace Technology, to chat with Jeff DeVerter, Chief Technology Evangelist of Rackspace Technology and host of Cloud Talk.
Tune in to hear Dale's insights on ransomware and the ever-evolving world of cybersecurity. Together, he and Jeff discuss the state of ransomware and how organizations can try to prevent these attacks, including:
- What we are dealing with at the advent of sophisticated Ransomware as a Service applications
- Ransomware’s non-traditional and hard-to-trace bitcoin payment processes
- Which types of companies are more likely to be attacked by ransomware
- What’s working now to help defend companies from sophisticated attacks
- The power of contextualization technologies in preventing ransomware attacks
- How to gain leverage in negotiating with ransomware attackers
- Why companies need to be prepared to pay the ransom as an option for restoring their services
- What remediation looks like in the aftermath of a ransomware attack
According to Dale, today’s ransomware attacks are vastly different from the malware attacks of the past. “These attacks are purpose-driven,” he says. “The goal is to encrypt data and exfiltrate files, and to create several layers of ransom to make sure that companies do what the hackers want, which is to pay to regain access to data and systems. These hackers know what they are doing. They are in a different class of cyber hackers. For them, it’s just about the money.”
These operations are so sophisticated that the only way organizations can combat ransomware attacks is with a full-frontal counterattack, explains Dale. “Ten years ago, it was enough for companies to guard the perimeter, filter for malware and educate their people,” he says. “Today they must employ everything they’ve got with technology, processes and people.”
An effective counterattack strategy requires a 360-degree program, which includes a Zero Trust approach to security, multiple layers of authentication, up-to-date backups that are kept separate from the main system, and infrastructure monitoring to look for indicators of compromise.
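The last element of that program, monitoring for indicators of compromise, is the one most easily shown in code. The script below is an added example and is not code from the original article or from Rackspace; it scans file-change events for one generic ransomware-style indicator, a burst of renames on a single host that all gain the same new file extension, which is what bulk encryption of a file share typically looks like from the outside. The log line format, host names, paths and the `.lockd` extension are constructed sample data, and the window and threshold values are assumptions a real deployment would tune against its own baseline.

```python
"""Flag bursts of same-extension renames per host from file-change events.

Added example, not from the original page. The event format below
(timestamp host action old_path new_path) is a constructed assumption;
real sources would be EDR, file-integrity monitoring or audit logs.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone
import posixpath

# Constructed sample events. fs01 shows a share being bulk-renamed to one
# unfamiliar extension within seconds; fs02 shows ordinary user renames.
SAMPLE_EVENTS = [
    "2021-05-07T02:10:01Z fs01 RENAME /share/fin/q1.xlsx /share/fin/q1.xlsx.lockd",
    "2021-05-07T02:10:01Z fs01 RENAME /share/fin/q2.xlsx /share/fin/q2.xlsx.lockd",
    "2021-05-07T02:10:02Z fs01 RENAME /share/fin/budget.docx /share/fin/budget.docx.lockd",
    "2021-05-07T02:10:02Z fs01 RENAME /share/hr/roster.csv /share/hr/roster.csv.lockd",
    "2021-05-07T02:10:03Z fs01 RENAME /share/hr/policy.pdf /share/hr/policy.pdf.lockd",
    "2021-05-07T02:10:03Z fs01 RENAME /share/ops/runbook.md /share/ops/runbook.md.lockd",
    "2021-05-07T02:10:04Z fs01 WRITE - /share/fin/README_RESTORE.txt",
    "2021-05-07T09:15:30Z fs02 RENAME /home/bob/draft.txt /home/bob/draft-v2.txt",
    "2021-05-07T09:16:10Z fs02 RENAME /home/bob/notes.md /home/bob/notes-old.md",
    "2021-05-07T14:00:00Z fs03 WRITE - /backup/nightly.tar",
]

WINDOW_SECONDS = 60      # assumed sliding window; tune per environment
RENAME_THRESHOLD = 5     # assumed number of renames that counts as a burst


def parse_event(line):
    """Split one constructed-format event line into a dict with a UTC timestamp."""
    ts, host, action, old_path, new_path = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": host,
        "action": action,
        "old": old_path,
        "new": new_path,
    }


def extension(path):
    """Lower-cased final extension of a POSIX path ('' if none)."""
    return posixpath.splitext(path)[1].lower()


def detect_extension_bursts(lines, window=WINDOW_SECONDS, threshold=RENAME_THRESHOLD):
    """Return [(host, ext, count)] for each host where `threshold` or more files
    were renamed to gain the same *new* extension within `window` seconds.

    Renames that keep the extension (draft.txt -> draft-v2.txt) are ignored,
    since those are normal user activity rather than an encryption pattern.
    """
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)  # (host, ext) -> timestamps inside the window
    alerted = set()
    alerts = []
    for e in events:
        if e["action"] != "RENAME":
            continue
        ext = extension(e["new"])
        if not ext or ext == extension(e["old"]):
            continue
        key = (e["host"], ext)
        q = recent[key]
        q.append(e["ts"])
        # Drop timestamps that have slid out of the window.
        while (e["ts"] - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((e["host"], ext, len(q)))
    return alerts


if __name__ == "__main__":
    for host, ext, count in detect_extension_bursts(SAMPLE_EVENTS):
        print(f"ALERT host={host} ext={ext} renames_in_window={count}")
```

Run as-is the script raises one alert for `fs01` and nothing for the ordinary renames on `fs02`. The indicator is deliberately behavioural rather than tied to a particular malware family's extension, which is why the threshold and window are the knobs to tune: a baseline of how many same-extension renames legitimate batch jobs produce on each host decides where the threshold sits.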
“Right now, hackers are preparing for their next attacks,” Dale says. “They’re researching their targets so they know who they’re dealing with, including everything from their stock price to how much ransomware insurance they have. They’ll know how much they can get paid from an organization and how much pain they need to inflict to get it. Companies today need to be prepared, because today’s ransomware hackers aren’t taking a day off.”