If the project goes well, Cable sees it as a means to evaluate the success of different ransomware prevention policies.
Cable formally launched the site last week, based on publicly available wallet information, user wallet submissions and bulk information donations from researchers. In his spare time Cable's working on Ransomwhere, an open visualization website analyzing Bitcoin wallet transactions. And without that, it can be hard to gauge the impact of whether what we're doing makes a difference," said Jack Cable, a Krebs Stamos Group researcher. "We don't have at least publicly comprehensive data sets for payments. That is unfortunate, as the information would be invaluable as researchers hope to get a handle on the scope of ransomware and what could be done to prevent further outbreaks. Various blockchain analysis groups have the means to compile ransomware statistics, but only for a price. That should give every CEO something to think about.The FBI notes in its annual IC3 report that ransomware is uniquely underreported, and its statistics can't really be trusted. The growing successes of these ransomware attacks mean they are only going to escalate until governments and law enforcement figure out a way of tracking and arresting and punishing them. The eCrime ecosystem remains vast and interconnected, with many criminal enterprises existing to support big game hunting operations." Ransom payments and data extortion became the most popular avenues for monetization in 2020. Want to know more about satellite? Check out our dedicated security channel here onĪs a result, it said: "A tectonic shift toward big game hunting has been felt across the entire eCrime ecosystem. Last year it identified "at least 1,377 unique BGH infections." Groups like DarkSide and their collaborators are what are termed big-game hunters (BGH) that are going after deep-pocketed corporations with increasing frequency.Ĭybersecurity firm CrowdStrike says the first BGH was identified in 2016. What is new is the scale and sophistication. It extorts the victim companies in two ways: it demands one payment for a digital key to decrypt data, and another in exchange for a promise to destroy all stolen files. On one side it sells to tools that enable cybercriminals to go after target companies on the other side it carries out negotiations and payments with victims.
In this ecosystem, DarkSide is a ransomware-as-a-service platform that some have likened to Uber. Even if it were put out of business there are plenty of other bad actors to take its place. It's almost certainly Russian-based, and while there's no evidence of any links to the government, there's also no sign the Kremlin is willing to shut it down. Now we have it." DarkSide sits in the center of a rich eco-system of cybercriminals with every kind of capability – from DDoS tools and webinject kits to social media and cryptocurrency expertise. Like any startup they express pride in their work: "We created DarkSide because we didn't find the perfect product for us. It has also published a mission statement in which its members declare they won't attack hospitals, schools or non-profits. If it seems odd that a hacker gang is putting out press releases like an ordinary company, it reflects the reality that it's a part of a shadow corporate underworld. "Our goal is to make money, and not creating problems for society," they said, according to the Krebs On Security blog. "They're like the dog that caught the car," Stamos commented.ĭarkSide issued a statement on its dark website that it had no political ambitions. Instead it had unintentionally forced the pipeline closure and almost certainly brought themselves to the attention of the US security services. Hold please: Being targeted by hackers in the modern world may feel more like dealing with big business.Īlex Stamos, director of the Stanford Internet Observatory and a former Facebook CSO, said most likely DarkSide was targeting the IT back-end rather than the company operations.