
Darkside Ransomware Gang Received Nearly $5 Million as the Extortion Amount from the Victims of Colonial Pipeline Attack


Security experts at London-based blockchain analytics firm Elliptic discovered the bitcoin wallet used by the ransomware group responsible for the Colonial Pipeline attack and the extortion amount received from victims. 

According to a report from blockchain analytics firm Elliptic, the ransomware gang Darkside received a ransom payment of 75 Bitcoin, or roughly $5 million, made by Colonial Pipeline on May 8 following the cyberattack on its operations.

The cyberattack on Colonial Pipeline led to widespread fuel shortages in the U.S. and has been described as the worst cyberattack on critical U.S. infrastructure to date. 

Security researchers first spotted the ransomware gang’s operation in August 2020, and nearly nine months later, in May 2021, the FBI confirmed the role of the Darkside ransomware gang in engineering the attack on Colonial Pipeline.

In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets. According to DarkTracer, 99 organizations have been attacked with the DarkSide malware, indicating that almost half of DarkSide victims paid a ransom and that the average payment was $1.9 million. DarkSide says it targets only big companies and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, the public sector, and non-profits.

The firm also discovered a ransomware bitcoin payment made by Brenntag, a large chemical distribution company in Germany, totaling roughly $4.4 million. The group's wallet has been active since March 4, 2021, and has received 57 payments from 21 different wallets, according to Elliptic.

DarkSide and other ransomware groups have engineered the ransomware-as-a-service model, in which the developers of the malware effectively outsource the actual intrusion and infection of a target to affiliates and then split whatever ransom comes in. The practice has democratized ransomware use, allowing less experienced cybercriminals to get in on the scam without any technical knowledge.

"In this operating model, the malware is created by the ransomware developer, while the ransomware affiliate is responsible for infecting the target computer system and negotiating the ransom payment with the victim organization. This new business model has revolutionized ransomware, opening it up to those who do not have the technical capability to create malware, but are willing and able to infiltrate a target organization," Elliptic said.

GasBuddy Jumps to No. 1 on Apple Store After Colonial Pipeline Shutdown


Someone’s loss is someone else’s gain, and this proverb perfectly fits the case of GasBuddy. GasBuddy, a popular fueling app that allows users to identify when a station is out of fuel, became the most downloaded app on US Apple devices amid a run on gas caused by a cyberattack on a critical pipeline. The rapid surge came after the company activated its emergency fuel availability tracker feature, typically used to help people find where there is gas after a natural disaster such as a hurricane.

According to the mobile analytics firm App Annie, the company’s app rose from the 900th most popular in the App Store last week to No. 1 on Wednesday. In the Google Play store that serves many Android devices, GasBuddy has risen to 24th. 

The Colonial Pipeline reopened on Wednesday after being hit by a ransomware attack last Friday. The pipeline delivers about 45 percent of the gas on the East Coast. The cyberattack caused long lines and outages at gas stations in the Southeast because of distribution problems made worse by panic-buying. 

According to GasBuddy, users of Android and iOS devices typically downloaded its application about 15,000 times per day in 2021. But on Tuesday the app reached 313,001 downloads, compared with average daily downloads of 15,339 over the previous thirty days. This means the app reached 20 times more downloads on Tuesday than on an average day in 2021.

“I was taken aback by the extent of the gas shortages. By Thursday afternoon, GasBuddy said, there were outages at 73 percent of stations in Washington, D.C., 69 percent in North Carolina, 52 percent in South Carolina, and at high levels in several other states,” Max Metral, GasBuddy’s chief technical officer, said in an interview.

“We knew we’d have some traffic increase, but I had no idea. There’s a societal part of that, too, because the event itself wasn’t the problem. The problem was that everyone just went out and tried to hoard gasoline, and it got much worse,” Metral added.

GasBuddy was established in 2000 as a website to track fuel prices. It had been owned by United Communications Group, a Maryland-based private holding company, but was sold to Professional Data Solutions, Inc. in late April. It uses data contributed by users at more than 150,000 gas stations to offer analysis of the fuel market.