Ransom software works by encrypting victims’ data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.
DarkSide’s site on the dark web hints at their hackers’ past crimes, claims they previously made millions from extortion and that just because their software was new “that does not mean that we have no experience and we came from nowhere.”
The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up, advertising stolen documents from more than 80 companies across the United States and Europe.
Reuters was not immediately able to verify the group’s various claims but one of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group which publicly disclosed a digital shakedown attempt affecting “portions of its information technology systems” last month.
A Dixie executive did not immediately return a message seeking further comment.
In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists. Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.
It also has a public relations program, as others do, inviting journalists to check out its haul of leaked data and claiming to make anonymous donations to charity. Even its tech savvy is nothing special, according to Georgia Tech computer science student Chuong Dong, who published an analysis of its programming.
According to Dong, DarkSide’s code was “pretty standard ransomware.”
Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.
Typically “they know who is the manager, they know who they’re speaking with, they know where the money is, they know who is the decision maker,” said Div.
In that respect, Div said that the targeting of Colonial Pipeline, with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard – may have been a miscalculation.
“It’s not good for business for them when the US government becomes involved, when the FBI becomes involved,” he said. “It’s the last thing they need.”
As for DarkSide, which usually isn’t shy about putting out press releases and promises registered journalists “fast replies within 24 hours,” the group has stayed uncharacteristically silent.
The reason is not clear. Requests for comment Reuters left via its main site and their media center have gone unanswered.