DarkSide: the Dangerous Ransomware the FBI is Warning About

DarkSide: the Dangerous Ransomware

Ransomware has become a dangerous scourge in recent years: attackers receive money anonymously in exchange for wreaking havoc in private homes and, above all, in entire companies. Now a new ransomware family is considered so dangerous that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security are warning about it.

The reason for the warning is the attack suffered by Colonial Pipeline, the largest oil pipeline system in the United States, which can transport 3 million barrels of fuel a day between Texas and New York through a network that runs 8,850 kilometres.

DarkSide: the always up-to-date ransomware

The attack occurred last Friday, when a group used the DarkSide malware, which operates as Ransomware-as-a-Service (RaaS). Following the attack, the company had to suspend operations and shut down its systems to contain the incident. The entry vector appears to have been an outside company.

The company has not yet managed to recover, and since it is responsible for 45% of the crude supply to the east coast of the United States, the FBI has become involved, treating the incident as a matter of national security.

According to the FBI, cybercriminal groups use DarkSide to gain access to the victim's network, exfiltrate the data, and then encrypt it. They then threaten to publish the data if the victim does not pay the ransom. The problem is that in most cases the data ends up published anyway.

This ransomware model works much like a subscription to a program such as Office or Photoshop. Cybercriminals subscribe to obtain the most up-to-date version of the ransomware, which may exploit new vulnerabilities or use newly discovered entry vectors. In return, the creators of the ransomware keep a portion of the profits whenever a ransom is paid.

DarkSide has tried to present itself as the Robin Hood of ransomware, claiming to avoid attacking hospitals, health centers or care facilities. Its developers quickly distanced themselves from this attack.

Recommendations to avoid ransomware

Because of how dangerous it is, the FBI has alerted the engineers in charge of securing the country's critical infrastructure to be more careful and to implement all available security and prevention mechanisms, including network segmentation between IT and OT networks, reviewing control tools, checking backups, and isolating devices from the Internet as far as possible.

In addition, they recommend multi-factor authentication for remote access, phishing filters to block fraudulent emails (one of the main routes of entry), traffic filtering, anti-ransomware antivirus, employee training, frequent patching, and periodic security audits.

Finally, they recommend never paying ransomware ransoms: payment encourages attackers to continue the activity and profit from it, and they can profit again later by selling the stolen data on the Dark Web. Paying is also never a guarantee that the files will be recovered.