This week I sat down with Managing Partner John Clary to talk about the group Darkside. If you have not heard, this group is responsible for the recent Colonial Pipeline hack. Now the gas shortage was not their intent behind the attack, but it shows just how vulnerable our infrastructure is.
History of Darkside
They live in Russia but hide in Iran. Over the past year they have escalated their hacks to not only steal your data but also release it to the public. So now you have to pay them both to decrypt it for you and not to release it. They will hit anyone and everyone; no company is too big or too small. Yet recently they have mostly targeted manufacturing companies. In our episode we have a list of all the recent victims. It is a very large list, with a few companies that might surprise you.
We have a copy of their classic ransom note. The information they will steal from you includes banking information, financial data, personal data on clients, details of agreements, terms of cooperation, information on the companies’ activities and so much more. Basically, this is how it works: you get the ransom note, then you go into the system to find what has been taken. From the note you will be taken to a Darkweb site that gives you all the information that you will need (the account number to send money to and all of your encrypted files). You have likely hired a Cyber Security Agency to help you with the process. Darkside works with a large number of Cyber Security Agencies, but surprisingly enough they do not want any interactions with Coveware. This is because Coveware does not want to do business with them.
Now we know the whole country panicked over the “gas shortage,” but in reality Colonial Pipeline paid Darkside long before the news even picked up on this incident.
Of course, as always, we will leave you with some tips on how not to become a victim.
- Get yourself a security partner. 90% of incidents that Bob sees are things that could easily have been avoided if they had taken some preventative measures.
- Make sure you test and train your network.
- Lastly, plan for an incident. Have backup software and levels of protection but make sure that you test your network to make sure there are no holes.
Watch episode 20 here.