Darkside ransomware gang has better processes than some businesses

Across the many conversations we have with cybersecurity experts, there is a common thread that warrants pulling on.

That thread is that cybercrime operations are becoming increasingly, for want of a better word, professional. While you might imagine hackers filling up basements, it’s more likely that a cybercrime outfit is located in a high-rise building with services such as a press room.

At least that’s the case with the Darkside ransomware gang which Kaspersky has been studying for some time now.

The gang behaves as if it were an enterprise and, if we’re honest, some businesses could take a leaf out of the gang’s book.

For example, Darkside features what we’d describe as a press centre on its website. Here journalists can ask questions and receive notifications about breaches before they are made public. Hell, the gang even promises to respond to queries within 24 hours, something most companies don’t even do.

Beyond that, Darkside also doesn’t appear to be as worried about collaboration as some businesses are. Kaspersky reports that the gang works with decryption companies to decrypt data.

Something that does raise an eyebrow however is Darkside’s claim that it donates a portion of its income to charity. While this could be a Robin Hood approach to wealth redistribution, we’re curious what charities Darkside donates to and whether those organisations would be comfortable accepting money from a criminal organisation.

That having been said, Darkside also has a code of ethics which includes claims that it doesn’t attack medical companies, funeral services, educational institutions, non-profit organisations, or government companies.

However, Kaspersky refutes this claim by pointing to a hack in which Darkside threatened to publish data that was gleaned from schools. While the target wasn’t a school, the data they had did come from a school.

The aspect of Darkside that blew us away however was the fact that it’s paying for market analysis.

“Before publishing information, they [Darkside] study the contacts of the company and identify well-known customers, partners and competitors. Kaspersky experts state that the main purpose of this is to maximise target damage, to intimidate victims and to increase the chances of getting a ransom,” Kaspersky explains.

But is this all being done in an effort to keep up appearances? Of course, but then we could argue the same point for legitimate businesses.

We’re not saying you should trust cybercrime organisations, but rather that you should understand that these organisations have the funds not only to hone attacks but also to increase the likelihood of a successful attack.

Cybercriminals are not huddled together in a basement anymore, and if you aren’t taking cybersecurity seriously, perhaps the vision of a cybercrime organisation operating in your office block sometime soon will change that.

As Kaspersky says, the best way to fight these gangs and organisations is to protect yourself and, please, never pay the ransom for your data.

[Image – CC 0 Pixabay]

