Primer: Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company’s announcement alerted the hackers.
On January 11, antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers.
But Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”
“Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.”
DarkSide soon proved it wasn’t bluffing, unleashing a string of attacks. This month, it paralyzed the Colonial Pipeline Co., prompting a shutdown of the 5,500-mile pipeline that carries 45% of the fuel used on the East Coast—quickly followed by a rise in gasoline prices, panic buying of gas across the Southeast, and closures of thousands of gas stations. Absent Bitdefender’s announcement, it’s possible that the crisis might have been contained, and that Colonial might have quietly restored its system with Wosar and Gillespie’s decryption tool.
Instead, Colonial paid DarkSide $4.4 million in Bitcoin for a key to unlock its files. “I will admit that I wasn’t comfortable seeing money go out the door to people like this,” CEO Joseph Blount told the Wall Street Journal.
The missed opportunity was part of a broader pattern of botched or half-hearted responses to the growing menace of ransomware, which during the pandemic has disabled businesses, schools, hospitals, and government agencies across the country. The incident also shows how antivirus companies eager to make a name for themselves sometimes violate one of the cardinal rules of the cat-and-mouse game of cyberwarfare: Don’t let your opponents know what you’ve figured out. During World War II, when the British secret service learned from decrypted communications that the Gestapo was planning to abduct and murder a valuable double agent, Johnny Jebsen, his handler wasn’t allowed to warn him for fear of cluing in the enemy that its cipher had been cracked. Today, ransomware hunters like Wosar and Gillespie try to prolong the attackers’ ignorance, even at the cost of contacting fewer victims. Sooner or later, as payments drop off, the cybercriminals realize that something has gone wrong.
Whether to tout a decryption tool is a “calculated decision,” said Rob McLeod, senior director of the threat response unit for cybersecurity firm eSentire. From the marketing perspective, “You are singing that song from the rooftops about how you have come up with a security solution that will decrypt a victim’s data. And then the security researcher angle says, ‘Don’t disclose any information here. Keep the ransomware bugs that we’ve found that allow us to decode the data secret, so as not to notify the threat actors.’”
In a post on the dark web, DarkSide thanked Bitdefender for identifying a flaw in the gang’s ransomware. (Highlight added by ProPublica.)
Wosar said that publicly releasing tools, as Bitdefender did, has become riskier as ransoms have soared and the gangs have grown wealthier and more technically adept. In the early days of ransomware, when hackers froze home computers for a few hundred dollars, they often couldn’t determine how their code was broken unless the flaw was specifically pointed out to them.
Today, the creators of ransomware “have access to reverse engineers and penetration testers who are very very capable,” he said. “That’s how they gain entrance to these oftentimes highly secured networks in the first place. They download the decryptor, they disassemble it, they reverse-engineer it, and they figure out exactly why we were able to decrypt their files. And 24 hours later, the whole thing is fixed. Bitdefender should have known better.”
It wasn’t the first time Bitdefender trumpeted a solution that Wosar or Gillespie had beaten it to. Gillespie had broken the code of a ransomware strain called GoGoogle, and was helping victims without any fanfare, when Bitdefender released a decryption tool in May 2020. Other companies have also announced breakthroughs publicly, Wosar and Gillespie said.
“People are desperate for a news mention, and big security companies don’t care about victims,” Wosar said.
Bogdan Botezatu, director of threat research at Bucharest, Romania–based Bitdefender, said the company wasn’t aware of the earlier success in unlocking files infected by DarkSide.
Regardless, he said, Bitdefender decided to publish its tool “because most victims who fall for ransomware do not have the right connection with ransomware support groups and won’t know where to ask for help unless they can learn about the existence of tools from media reports or with a simple search.”
Bitdefender has provided free technical support to more than a dozen DarkSide victims, and “we believe many others have successfully used the tool without our intervention,” Botezatu said. Over the years, Bitdefender has helped individuals and businesses avoid paying more than $100 million in ransom, he said.
Bitdefender recognized that DarkSide might correct the flaw, Botezatu said: “We are well aware that attackers are agile and adapt to our decryptors.” But DarkSide might have “spotted the issue” anyway. “We don’t believe in ransomware decryptors made silently available. Attackers will learn about their existence by impersonating home users or companies in need, while the vast majority of victims will have no idea that they can get their data back for free.”
The attack on Colonial Pipeline, and the ensuing chaos at the gas pumps throughout the Southeast, appears to have spurred the federal government to be more vigilant. President Joe Biden issued an executive order to improve cybersecurity and create a blueprint for a federal response to cyberattacks. DarkSide said it was shutting down under US pressure, although ransomware crews have often disbanded to avoid scrutiny and then re-formed under new names, or their members have launched or joined other groups.
“As sophisticated as they are, these guys will pop up again, and they’ll be that much smarter,” said Aaron Tantleff, a Chicago cybersecurity attorney who has consulted with 10 companies attacked by DarkSide. “They’ll come back with a vengeance.”
At least until now, private researchers and companies have often been more effective than the government in fighting ransomware. Last October, Microsoft disrupted the infrastructure of Trickbot, a network of more than 1 million infected computers that disseminated the notorious Ryuk strain of ransomware, by disabling its servers and communications. That month, ProtonMail, the Swiss-based email service, shut down 20,000 Ryuk-related accounts.
Wosar and Gillespie, who belong to a worldwide volunteer group called the Ransomware Hunting Team, have cracked more than 300 major ransomware strains and variants, saving an estimated 4 million victims from paying billions of dollars.
By contrast, the FBI rarely decrypts ransomware or arrests the attackers, who are typically based in countries like Russia or Iran that lack extradition agreements with the US. DarkSide, for instance, is believed to operate out of Russia. Far more victims seek help from the Hunting Team, through websites maintained by its members, than from the FBI.
The US Secret Service also investigates ransomware, which falls under its purview of combating financial crimes. But, especially in election years, it sometimes rotates agents off cyber assignments to carry out its better-known mission of protecting presidents, vice presidents, major-party candidates, and their families. European law enforcement, especially the Dutch National Police, has been more successful than the US in arresting attackers and seizing servers.
Similarly, the US government has made only modest headway in pushing private industry, including pipeline companies, to strengthen cybersecurity defenses. Cybersecurity oversight is divided among an alphabet soup of agencies, hampering coordination. The Department of Homeland Security conducts “vulnerability assessments” for critical infrastructure, which includes pipelines.
It reviewed Colonial Pipeline in around 2013 as part of a study of places where a cyberattack might cause a catastrophe. The pipeline was deemed resilient, meaning that it could recover quickly, according to a former DHS official. The department did not respond to questions about any subsequent reviews.
Five years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer systems and recommend strategies to address them. Participation is voluntary, and a person familiar with the initiative said that it is more useful for smaller companies with limited in-house IT expertise than for big ones like Colonial. The National Risk Management Center, which oversees the initiative, also grapples with other thorny issues such as election security.
Ransomware has skyrocketed since 2012, when the advent of Bitcoin made it hard to track or block payments. The criminals’ tactics have evolved from indiscriminate “spray and pray” campaigns seeking a few hundred dollars apiece to targeting specific businesses, government agencies and nonprofit groups with multimillion-dollar demands.
Attacks on energy businesses in particular have increased during the pandemic—not just in the US but in Canada, Latin America, and Europe. As the companies allowed employees to work from home, they relaxed some security controls, McLeod said.
Pony has been authorized to test autonomous vehicles with safety drivers in California since 2017, but the new permit will let it test six autonomous vehicles without safety drivers on specific streets in Fremont, Alameda County; Milpitas, Santa Clara County; and Irvine, Orange County. According to the DMV, the vehicles are designed to be driven on roads with speed limits of 45 miles per hour or less, in clear weather and light precipitation. The first testing will be in Fremont and Milpitas on weekdays between 10AM and 3PM.
A total of 55 companies have active permits to test driverless vehicles in California according to the DMV, but Pony is only the eighth company to receive a driverless testing permit, joining fellow Chinese companies AutoX, Baidu, and WeRide, along with US companies Cruise, Nuro, Waymo, and Zoox. Nuro is the only company so far to receive a deployment permit that allows it to operate its autonomous vehicles in California commercially.
Pony.ai, which is based in Guangzhou and Silicon Valley, was valued at $3 billion after a $400 million investment from Toyota last year. The company said earlier this month its robotaxis will be ready for customers in 2023. Pony claims it’s the first company to launch autonomous ride-hailing and provide self-driving car rides to the general public in China.
***
More than 100 American cities, towns and counties have purchased surveillance systems made in China that the U.S. government has restricted for use by its own agencies, according to a new study.
Critics say China’s ruling Communist Party has used the systems to crush dissent at home and repress minorities.
Thermal-imaging and video technology from companies Dahua and Hikvision cost municipalities many thousands of dollars, according to the new report from IPVM, video surveillance researchers, and TechCrunch, a tech-focused publication.
China has allegedly relied on Hikvision and Dahua to surveil the Uyghur Muslim minority population in China. Dahua denies that its technology targets ethnic groups and also has rejected allegations of impropriety it says were implied in the 2019 defense authorization law.
The FY 2019 National Defense Authorization Act prohibited the use of Hikvision and Dahua by federal agencies for public safety, security and surveillance purposes. The study found that local governments did not stop purchasing the technology even after it was effectively banned at the federal level.
“The biggest spender, according to data and as previously reported by IPVM, showed that the Board of Education in Fayette County, Georgia, spent $490,000 in August 2020 on dozens of Hikvision thermal cameras, used for temperature checks at public schools,” wrote TechCrunch’s Zack Whittaker.
Hikvision created a map of where the technology was purchased in the U.S. since 2015 and reported that Dahua and Hikvision technology sales to U.S. government entities rose 80% between 2019 and 2020 because of its fever-camera sales.
CNA is the seventh largest commercial insurer in the United States as of 2018. CNA provides property and casualty insurance products and services for businesses and professionals in the U.S., Canada, Europe and Asia.
CNA itself is 90% owned by a holding company, Loews Corporation. This holding company also has interests in offshore oil and gas drilling rigs, natural gas transmission pipelines, oil and gas exploration, hotel operations and package manufacturing.
CNA Financial, one of the largest US insurance companies, paid $40 million to free itself from a ransomware attack that occurred in March, according to a report from Bloomberg. The hackers reportedly demanded $60 million when negotiations started about a week after some of CNA’s systems were encrypted, and the insurance company paid the lower sum a week later.
If the $40 million figure is accurate, CNA’s payout would rank as one of the highest ransomware payouts that we know about, though that’s not for lack of trying by hackers: both Apple and Acer had data that was compromised in separate $50 million ransomware demands earlier this year. It also seems like the hackers are looking for bigger payouts: just this week we saw reports that Colonial Pipeline paid a $4.4 million ransom to hackers. While that number isn’t as staggering as the demands made to CNA, it’s still much higher than the estimated average enterprise ransomware demand in 2020.
Law enforcement agencies recommend against paying ransoms, saying that payouts will encourage hackers to keep asking for higher and higher sums. For its part, CNA told Bloomberg that it wouldn’t comment on the ransom, but that it had “followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.” In an update from May 12, CNA says that it believes its policyholders’ data were unaffected.
According to Bloomberg, the ransomware that locked CNA’s systems was Phoenix Locker, a derivative of another piece of malware called Hades. Hades was allegedly created by a Russian group with the Mr. Robot-esque name Evil Corp.
***
Ransomware Attack Payment
Ransomware attack payments are rarely disclosed. According to Palo Alto Networks, the average payment in 2020 was $312,493, a 171% increase over the payments that companies made in 2019.
The $40 million payment made by CNA Financial is bigger than any previously disclosed payments to hackers, The Verge reported.
Disclosure of the payment is likely to draw the ire of lawmakers and regulators who are already unhappy that companies from the United States are making large payouts to criminal hackers who, over the last year, have targeted hospitals, drug makers, police forces, and other entities that are critical to public safety.
The FBI discourages organizations from paying ransoms because payment encourages additional attacks and does not guarantee that data will be returned.
Ransomware is a type of malware that encrypts the victim’s data. Cybercriminals using ransomware usually steal the data as well. The hackers then demand a payment to unlock the files and promise not to leak the stolen data. In recent years, hackers have been targeting victims with cyber insurance policies and huge volumes of sensitive consumer data, which make them more likely to pay a ransom.
Last year was a banner year for ransomware groups, with security experts and law enforcement agencies estimating that victims paid about $350 million in ransom. The cybercriminals took advantage of the pandemic, a time when hospitals, medical companies, and insurance companies were the busiest.
According to Bloomberg’s report, CNA Financial initially ignored the hackers’ demands while pursuing options to recover its files without engaging with the criminals. However, within a week, the company decided to start negotiations with the hackers, who were demanding $60 million.
The ransomware cyberattack interrupted the company’s employee and customer services for three days as the firm closed down “out of an abundance of caution” to prevent further damage. Certain CNA systems were impacted, including corporate email.
The anticipation is growing as we wait for the report that is slated to be released June 1st. Take notes from the text below if you want some details beyond flying saucers and green people…
The sightings are not only common in the United States; they are also reported by other countries across the globe. Will these sightings be fully explained? Not likely. So here is a primer for the reader to consider:
We are often told that the weird things in the heavens above are weather balloons, so just accept that answer. Well, there are balloons in the skies, and they are not commonly for weather. In fact, those balloons have some very secretive objectives.
These high-altitude balloons are the property of Raven Aerostar, a division of Raven Industries, based in Sioux Falls, South Dakota. In recent years, Raven Aerostar has been known for its collaboration with Google’s parent company Alphabet in Project Loon, an ambitious venture intended to extend Internet access to rural areas. The “Loon balloons” were designed by Raven Aerostar to fly at high altitude for extremely long durations. Project Loon announced it would shut down in January this year, despite making significant technical strides. Since then, Raven Aerostar has continued to develop its balloon technologies for other sectors, notably in the realm of intelligence and defense.
ADSBExchange.com
The high altitude balloons as seen on flight trackers off Southern California. They have caught people’s attention especially due to the fact that they can stay on station for long periods of time, seemingly flying against the prevailing winds in the area.
The vehicles appear to be derivatives of Raven Aerostar’s Thunderhead balloon system. The Thunderhead balloons are designed to be able to persist over an area of interest in order to carry out a wide variety of tasks. According to the company, common applications include intelligence, surveillance, and reconnaissance (ISR) missions and acting as communications relays. Additionally, the balloons can also serve roles in augmenting navigational systems.
Their recent appearance over both coasts of the United States appears to be a test of exactly this networking capability. Federal Communications Commission records reflect an approved license for one of Raven Aerostar’s subsidiaries, Aerostar Technical Solutions, to fly balloons within a two-hundred-mile radius around Vista, California from May 9th until May 30th this year.
The stated purpose is to test networked radio systems, the Silvus 4400E and Silvus 4200E, on the high altitude balloons. Although the application only lists the California locations, further correspondence in FCC records shows a conversation about permitting additional locations on the East Coast:
(Image: official email from the FCC records)
The company appears to have aggressively pursued its balloon testing in recent years, with experimental radio license applications dating back to at least February 2020. Balloon tests had previously been approved and conducted across the Southeast and Southwest. For example, residents of Jackson, Mississippi may have noticed a meandering balloon track around May 4th this year.
In December 2020, the government enacted the Intelligence Authorization Act, which called for the release of an unclassified, all-sources report on unidentified aerial phenomena (UAP), the official military term for unidentified flying objects. The act was included in the mammoth appropriations bill that also included financial aid checks for people living with the economic fallout from Covid-19. The report will include a thorough analysis of:
- Available data
- Intelligence reporting on UAPs
It will be presented to the congressional intelligence and armed services committees.
When the Pentagon officially released the footage of the unidentified aircraft last year, the agency admitted that it isn’t exactly sure what is going on in the videos, and that it cannot explain how the craft are able to pull off such maneuvers.
It remains unclear whether the government believes these to be sightings of foreign aircraft using technologies unfamiliar to the United States, or whether it believes the craft are not of this world.
What else should we be asking? Well, the military and the intelligence community have some exceptional tools that are helpful in this quest, so we may wonder whether they are used in processing this report: tools such as geospatial intelligence, DARPA, and then the known and unknown tools of the Space Force.
There are space-based wideband communications, satellites (beyond line of sight) and geospatial intelligence that could, or should, be exploited in this mission of identification.
But wait…there are non-government agencies as well that often contract to government agencies such as Maxar.
From a 2019 blog post on the Maxar site is the following for consideration:
The Space Safety Coalition (SSC) issued the “Best Practices for Sustainability of Space Operations.” This document, co-signed by 21 space companies, advocates that any spacecraft operating at 400 kilometers or more above Earth should include a propulsion system for maneuvering, allowing each spacecraft to move itself out of a potential collision path instead of relying on others to always maneuver around it, as well as a number of other common sense principles. This will create a safer space environment for all to operate in now and for generations to come.
Maxar Technologies fully endorses the “Best Practices for Sustainability of Space Operations” and encourages Congress to introduce legislation based on these best practices. Below is Maxar’s reasoning for supporting the “Endorsement of Best Practices for Sustainability of Space Operations.”
We rely on space for our everyday lives. Weather satellites enable us to forecast the next snowstorm, so we can stock up on food. GPS lets us navigate to a new destination, using maps that come from imaging satellites. GPS also provides the precise timing used for banking transactions and to make it possible for cell phones—and banking transactions—to work. And, of course, there is NFL Sunday Ticket on DirecTV.
Space is also a big place. To put this into context, between the lowest practical orbit (350 km above Earth’s surface) and geostationary orbit (100 times further up, at 35,000 km), the volume of “near Earth” space is about 270 times the volume of Earth! Current estimates indicate there are 29,000 objects that are 4 inches or bigger being tracked in that space [1], so it seems like it would be pretty empty and we don’t have to worry about collisions, right?
Well, not exactly. There’s another aspect of space: orbital velocity. Satellites in space don’t stand still, but zip around in their orbits at high speed. In low earth orbit (closest to Earth’s gravitation pull), this is around 7.6 km/sec, or over 16,000 miles an hour! If two objects in space collide, it’s not a gentle nudge but rather a big resounding KABOOM. This results in a lot more small pieces of debris that need to be tracked. If you’re lucky, the collision may knock off a corner of your solar array, like happened when Maxar’s WorldView-2 satellite was hit back in 2016 by a small piece of debris. Fortunately, this had no impact on WorldView-2’s ability to operate. If you’re unlucky, you get a collision like the one between a defunct Russian Cosmos satellite and an Iridium communications satellite back in 2009, which was responsible for nearly doubling the amount of debris in that orbital band.
I’ve mentioned there are about 29,000 tracked objects in space. But there are a lot more pieces too small to track – an estimated 166 million pebble sized pieces [1] are zipping around in space.
While the probability of one of these pieces hitting a satellite is small (on the order of a million to one chance), each collision makes the problem worse. There’s actually a term for this, the Kessler Syndrome, in which each collision makes the problem exponentially worse. We don’t want that to happen, because if it did, it could make certain regions of near Earth space completely unusable for satellites or humans.
Fortunately, we’re quite a long time away from space becoming unusable. Companies are creating new ways to track objects on orbit, including a new commercial solution Maxar is testing, which is the first step in containing the space debris problem. But space, similar to other common areas (like the oceans), requires responsible actions by all space operators to keep it usable for future generations. This is where rules of the road come in, and I’d like to lay out a few common sense ones:
Propulsion. Spacecraft operating above 400 km altitude should be required to carry propulsion to execute timely and effective avoidance maneuvers. It’s simply not acceptable for a satellite operator to place the burden of avoiding a collision on other satellite operators; it’s everyone’s responsibility. This is why SSC’s “Best Practices for Sustainability of Space Operations” advocates for spacecraft operators to adopt space operations concepts that enhance sustainability of the space environment. Why 400 kilometers? It’s a natural dividing line; the International Space Station operates at 403 km altitude (nobody wants to see the movie “Gravity” played out in real life), and below 400 km, atmospheric drag is enough to make those orbits “self-cleaning” (see below).
Encryption. Satellites with propulsion should be required to have encryption and authentication on their command link, to ensure that only the satellite operator can control how the propulsion is used. We don’t want a hacker to take control of a satellite and maneuver it into the path of another one to cause an intentional collision.
Navigation. Satellites with propulsion should be able to determine their position, and the operators of these satellites should be required to share this position data (along with any planned maneuvers) with a central repository, such as the Combined Space Operations Center (formerly known as the Joint Space Operations Center [JSpOC]), to facilitate safe navigation by all satellite operators. The U.S. government is working on a plan to move this repository to a civilian agency, such as the U.S. Department of Commerce, to enable a more open and accessible repository for all global satellite operators. This is akin to the use of automatic identification system (AIS) transponders in ocean-going vessels, which broadcast their location to other ships using AIS to enable safe navigation, and the data is available publicly online.
Littering. Satellites and launch vehicles need to be designed so they do not throw off debris during or after launch. While already largely adopted, it’s important that launch providers and space operators have a plan to deorbit launch materials at the end of their life or move them to a safe orbit that’s out of the way and won’t have collision risks.
We could, however, designate the region below 400 km altitude as an “experimental” zone where the above requirements would not be imposed. These orbits are low enough that any debris will tend to reenter Earth’s atmosphere, burning up within weeks to months, making them much less of a concern. And few, if any, commercial or government satellites operate at those altitudes. Leaving the below-400 km region available without the above restrictions makes operating in space still affordable for operators of the growing number of inexpensive, experimental or educational cubesats.
The commercial and government use of space is accelerating rapidly. It’s time we have a way to regulate space traffic, just like how traffic on Earth is controlled. Even though the first gas-powered automobile was created in the 1880s, it took until the 1910s (three decades!) to bring some sensibility to who had the right-of-way on the road with the invention of the stop light.
Maxar, along with the other co-signers of the SSC, believes it’s time to bring sensibility to space. We’re asking the U.S. space industry to unite behind these best practices and talk to their senators and representatives about introducing legislation that reflects these best practices. We ask our international industry partners to bring these ideas to their respective governments for consideration. The “Best Practices for Sustainability of Space Operations” is a starting point toward getting rules of the road established in space – but, in the big picture, all four common sense principles I’ve outlined above need to be implemented to keep space a safe environment available now and in the years to come.
A big hat tip to the work of law enforcement, although which agency was involved remains unknown at this point.
Shutting down DarkSide’s servers is a great achievement, but it did not come before there were other victims, such as Toshiba.
A Toshiba Corp (6502.T) unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors.
Toshiba Tec Corp (6588.T), which makes products such as bar code printers and is valued at $2.3 billion, was hacked by DarkSide – the group widely believed to be behind the recent Colonial Pipeline attack, its French subsidiary said.
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.
“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.
“A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom.
“Hosting support, apart from information ‘at the request of law enforcement agencies,’ does not provide any other information,” the DarkSide admin says. “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”
DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.
“After that, you will be free to communicate with them wherever you want in any way you want,” the instructions read.
The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide’s core members are closely tied to the REvil gang.
The REvil representative said its program was introducing new restrictions on the kinds of organizations that affiliates could hold for ransom, and that henceforth it would be forbidden to attack those in the “social sector” (defined as healthcare and educational institutions) and organizations in the “gov-sector” (state) of any country. Affiliates also will be required to get approval before infecting victims.
The new restrictions came as some Russian cybercrime forums began distancing themselves from ransomware operations altogether. On Thursday, the administrator of the popular Russian forum XSS announced the community would no longer allow discussion threads about ransomware moneymaking programs.
“There’s too much publicity,” the XSS administrator explained. “Ransomware has gathered a critical mass of nonsense, bullshit, hype, and fuss around it. The word ‘ransomware’ has been put on a par with a number of unpleasant phenomena, such as geopolitical tensions, extortion, and government-backed hacks. This word has become dangerous and toxic.”
In a blog post on the DarkSide closure, cyber intelligence firm Intel 471 said it believes all of these actions can be tied directly to the reaction related to the high-profile ransomware attacks covered by the media this week.
“However, a strong caveat should be applied to these developments: it’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” Intel 471 wrote. “A number of the operators will most likely operate in their own closed-knit groups, resurfacing under new names and updated ransomware variants. Additionally, the operators will have to find a new way to ‘wash’ the cryptocurrency they earn from ransoms. Intel 471 has observed that BitMix, a popular cryptocurrency mixing service used by Avaddon, DarkSide and REvil has allegedly ceased operations. Several apparent customers of the service reported they were unable to access BitMix in the last week.”
***
“The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet, Darksupp said,” reported TheRecord.
The news was revealed by a member of the REvil ransomware gang, known as ‘UNKN,’ in a post on the Exploit hacking forum. The post was first spotted by Recorded Future researcher Dmitry Smilyanets; it includes a message allegedly from DarkSide explaining how the gang lost access to its blog, payment servers, and DDoS servers as a result of a law enforcement action.
“Since the first version, we have promised to speak honestly and openly about problems. A few hours ago, we lost access to the public part of our infrastructure, namely:
Blog.
Payment server.
DOS servers.”
reads the post from UNKN. “Now these servers are unavailable via SSH, the hosting panels are blocked. Hosting support, apart from information ‘at the request of law enforcement agencies,’ does not provide any other information.”