Bounty rewards to hunt DarkSide ransomware hackers

The US Department of Justice announced a money reward of up to $10,000,000 for information on DarkSide leadership individuals. It includes the information on their location or identification. Also the Department promises up to $5,000,000 for information that will bring DarkSide affiliates to arrest and/or conviction.

“More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program (NRP) since 1986. The Department has paid more than $135 million in rewards to date,” goes also in an announcement issued.

The DarkSide ransomware used quite sophisticated techniques

The DarkSide ransomware group made headlines this summer when they attacked a major fuel supplier in the US. They forced the Colonial Pipeline Company to stop the work of the 5,500-mile pipeline. This particular line carries 45 percent of the fuel used on the East Coast of the United States. The incident happened in May 2021. And it was the first time the company had to stop the work in almost 57 years. Subsequently Colonial Pipeline paid a $4.4 million ransom shortly after the hack.

Cyber security specialists say this ransomware variant is relatively new. Hackers used it to target different large corporations with high-revenue. They encrypted and stole sensitive data forcing the victim to pay double extortions. Hackers demanded money not only for the decryption of files but also for their recovery. Usually if the victim did not seem to pay the money the hacker would make threats of publicly disclosing the data.

Cyber security specialists first detected the DarkSide ransomware in August 2020. Since then hackers made updates in March 2021. The ransomware operated as ransomware-as-a-service (RaaS). The attackers used quite sophisticated techniques in conducting onslaughts. They got the initial access by exploiting Public-Facing Applications (e.g. RDP), Impair Defenses and Privilege Escalation. Hacker made use of CVE-2020-3992 and CVE-2019-5544 vulnerabilities. Although those have widely available patches, hackers primarily targeted the organization without them.

How to stay safe from ransomware?

Even though the ransomware primarily targets big companies nowadays it’s always better to secure yourself in any case possible. You can do so by keeping to the small tips on preventing the ransomware attack: