Bounty rewards to hunt DarkSide ransomware hackers

The US Department of State has announced a reward of up to $10,000,000 for information leading to the identification or location of anyone who holds a key leadership position in the DarkSide ransomware group. It also offers up to $5,000,000 for information leading to the arrest and/or conviction, in any country, of anyone conspiring to take part in a DarkSide ransomware incident.

“More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program (NRP) since 1986. The Department has paid more than $135 million in rewards to date,” the announcement also says.

The DarkSide ransomware used quite sophisticated techniques

The DarkSide ransomware group made headlines in May 2021 when it attacked a major US fuel supplier, Colonial Pipeline. The company shut down its 5,500-mile pipeline, which carries about 45 percent of the fuel consumed on the East Coast, the first such shutdown in its 57-year history. Colonial Pipeline paid a ransom of about $4.4 million shortly after the attack.

The most famous attack by DarkSide

Security researchers describe this ransomware variant as relatively new. Its operators targeted large, high-revenue corporations, stealing sensitive data before encrypting it, and then applied double extortion: the victim was asked to pay for the decryption key and, separately, to keep the stolen data from being published. Victims that looked unwilling to pay were threatened with public disclosure of their data.

Researchers first observed DarkSide in August 2020, and its operators released an updated version in March 2021. It was run as ransomware-as-a-service (RaaS), with affiliates carrying out the intrusions. The affiliates used fairly sophisticated techniques: they gained initial access by exploiting public-facing applications and Internet-exposed RDP services, then impaired defenses and escalated privileges before deploying the ransomware. Among the vulnerabilities they exploited were CVE-2020-3992 and CVE-2019-5544, both in the OpenSLP service of VMware ESXi. Patches for both have long been available; the attackers went after organizations that had not applied them.

How to stay safe from ransomware?

Even though this ransomware primarily targets large companies, it is worth securing yourself anyway. The following measures reduce the risk of a ransomware attack:

  • Use strong, unique passwords for all login accounts;
  • Set an account lockout policy so that credentials cannot be guessed by repeated attempts;
  • Put remote access behind a VPN rather than exposing RDP to the Internet, and enable two-factor authentication (2FA) on it;
  • Disable RDP where it is not needed. If it must stay enabled, moving it off the default port 3389 reduces noise from automated scanners, but it is not a substitute for the measures above;
  • Back up important files routinely and keep a recent copy offline, where ransomware running on the network cannot reach it. Encrypt the backup;
  • Keep security software (firewall, antivirus, etc.) and the operating system up to date.
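As an added example (not part of the original article), the script below shows why the lockout-policy and RDP tips above matter in practice. It runs over a handful of constructed Windows Security event 4625 (failed logon) records, keeps only the failures that came over RDP, reports which accounts a per-account lockout policy would lock, and flags a source that sprays guesses across many accounts while staying under the threshold, which a lockout policy alone never catches. The records, IP addresses, account names and thresholds are all made up for the example.

```python
"""Spot credential guessing against RDP in Windows Security event 4625
(failed logon) records and show what an account-lockout policy would and
would not stop.

The records below are constructed for this example; the field names
mirror the EventData of a real 4625 event (TargetUserName, IpAddress,
LogonType). LogonType 10 is RemoteInteractive (RDP); LogonType 3 is what
a failed Network Level Authentication pre-auth produces.
"""
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5                    # failed attempts per account ...
LOCKOUT_WINDOW = timedelta(minutes=15)   # ... inside this observation window
SPRAY_MIN_ACCOUNTS = 5                   # one source, this many distinct accounts


def _ev(ts, user, ip, logon_type):
    return {"TimeCreated": ts, "TargetUserName": user,
            "IpAddress": ip, "LogonType": logon_type}


# Constructed sample log (not real telemetry):
#  - 203.0.113.7 hammers one account: the classic brute force a lockout stops
#  - 198.51.100.23 sprays two guesses per account across six accounts,
#    staying under the per-account threshold
#  - one local console failure (LogonType 2) and one internal typo for contrast
SAMPLE_4625 = (
    [_ev(f"2021-11-05T02:00:{s:02d}", "Administrator", "203.0.113.7", 10)
     for s in (1, 5, 9, 13, 17, 21)]
    + [_ev("2021-11-05T02:03:00", "bob", "-", 2)]
    + [_ev(ts, user, "198.51.100.23", 10) for user, ts in (
        ("j.smith", "2021-11-05T02:10:00"), ("j.smith", "2021-11-05T02:10:30"),
        ("a.jones", "2021-11-05T02:10:40"), ("a.jones", "2021-11-05T02:11:10"),
        ("svc_backup", "2021-11-05T02:11:20"), ("svc_backup", "2021-11-05T02:11:50"),
        ("m.lee", "2021-11-05T02:12:00"), ("m.lee", "2021-11-05T02:12:30"),
        ("finance", "2021-11-05T02:12:40"), ("finance", "2021-11-05T02:13:10"),
        ("r.patel", "2021-11-05T02:13:20"), ("r.patel", "2021-11-05T02:13:50"))]
    + [_ev("2021-11-05T02:20:00", "j.smith", "10.0.0.15", 10)]
)


def _ts(event):
    return datetime.fromisoformat(event["TimeCreated"])


def rdp_failures(events):
    """Keep only failures that arrived over RDP (or its NLA pre-auth)."""
    return [e for e in events if e["LogonType"] in (3, 10)]


def accounts_that_would_lock(events, threshold=LOCKOUT_THRESHOLD,
                             window=LOCKOUT_WINDOW):
    """Accounts whose failures reach the per-account lockout threshold.
    Approximates the policy: N bad attempts on one account inside the window."""
    by_account = defaultdict(list)
    for e in events:
        by_account[e["TargetUserName"].lower()].append(_ts(e))
    locked = set()
    for user, times in by_account.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                locked.add(user)
                break
    return sorted(locked)


def spraying_sources(events, min_accounts=SPRAY_MIN_ACCOUNTS,
                     window=LOCKOUT_WINDOW):
    """Sources that fail against many distinct accounts inside one window.
    Password spraying keeps every account under the lockout threshold, so
    the policy alone never fires; only the per-source view catches it."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["IpAddress"]].append((_ts(e), e["TargetUserName"].lower()))
    flagged = {}
    for ip, items in by_ip.items():
        items.sort()
        start, most = 0, 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            most = max(most, len({u for _, u in items[start:end + 1]}))
        if most >= min_accounts:
            flagged[ip] = most
    return flagged


def analyze(events, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW,
            spray_min_accounts=SPRAY_MIN_ACCOUNTS):
    rdp = rdp_failures(events)
    return {
        "rdp_failures": len(rdp),
        "locked_accounts": accounts_that_would_lock(rdp, threshold, window),
        "spraying_sources": spraying_sources(rdp, spray_min_accounts, window),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_4625)
    print(f"RDP logon failures: {report['rdp_failures']}")
    print("accounts the lockout policy would lock:", report["locked_accounts"])
    for ip, n in report["spraying_sources"].items():
        print(f"password spraying from {ip}: {n} distinct accounts, "
              "no single account reached the lockout threshold")
```

On a real host the records would come from the Security log (for example via `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625}` in PowerShell) rather than from the constructed list. The point of the per-source view is that a lockout policy is evaluated per account, so a source trying one or two passwords against many accounts stays invisible to it; the spraying source here never locks anyone but is still clearly hostile, which is one more reason not to leave RDP reachable from the Internet at all.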
Andrew Nail

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure whether a journalist's job was what I wanted to do in my life, but combined with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people deal with malware they have on their PCs.
