Aug 9—A new hacking group has emerged. They’re using a technique similar to that of the DarkSide cyber criminal gang. Earlier this year, DarkSide hacked Colonial Pipeline Co. The group offers Ransomware-as-a-Service. DarkSide retains a reputation for operating like a franchise, where individual hackers can pay for use of the group’s software.
DarkSide claims to be apolitical. In other words, the group does not appear to be state-sponsored. The group primarily aims to extract financial resources from organizations.
Data indicates that DarkSide most frequently targets US enterprises. Over 500 DarkSide ransomware threats popped up in the US, with substantially fewer across France, Belgium and Canada. Thus far, DarkSide appears to have leaked only one enterprise’s data. However, the quantity of data leaked is over 200 GB.
The new hacking group, known as BlackMatter, may in fact represent a collection of DarkSide criminals who are rebranding themselves under a new name. Both groups not only appear to leverage similar tools and techniques; the two also leverage similar financial infrastructures in order to process payments from ransomware victims.
Ransomware groups are trying to outmaneuver law enforcement. Shifting names and transitioning to similar, albeit not-quite-the-same, tactics helps ransomware operators to evade identification.
Massive overlaps exist between the way in which DarkSide encrypts files and the way in which BlackMatter encrypts files. Both encryption processes appear to be compiled from identical source code.
In addition, the addresses where ransomware payments are accepted and that hold funds appear to be the same. The two groups relied on overlapping cryptocurrency wallets. The wallets owned by BlackMatter appear to have already received payments. The precise number of payments received remains unknown.
Biden and ransomware
High-profile ransomware attacks across the past six months have led the White House to suggest that organizations take ransomware threat prevention seriously. Read about the White House announcement here.
Further, new initiatives are underway in order to curb national cyber security threats. Last week, Jen Easterly, the US cyber security and infrastructure security director, announced the development of the Joint Cyber Defense Collaborative (JCDC), which will coordinate a more unified and nuanced federal approach to cyber security.
However, experts suggest that cyber security attacks, and ransomware threats in particular, may shape-shift more quickly than authorities can keep pace with.