In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.
Last month, ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. The attack on a major U.S. oil pipeline had widespread ripples: it prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas pumps in the Southeast.
DarkSide made off with a $5 million ransomware payout from Colonial to decrypt its frozen systems but published a mea culpa over the uproar, emphasizing that it was in it for the cash, not to disrupt people’s lives. The ransomware-as-a-service (RaaS) gang’s servers were subsequently shuttered. A week later, DarkSide got hauled into the underground’s “Hacker’s Court” for failing to pay its affiliates.
Those are a lot of ripples. But don’t expect the repercussions to end there, said Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs. If there’s one thing we’ve learned about ransomware, it’s that initial attacks can lead to second-stage backdoors. “Cybercriminals [try] to make a payday, with … [groups like DarkSide], and then [look] at how they can rinse, wash and repeat,” he said. “The reality is that there’s going to be more that follows on this. … I fully expect [that DarkSide isn’t] just going to walk away. I think they’re going to try to maximize these [attacks].”
In this Threatpost podcast, Manky discusses trends in ransomware, calling it a “mixed bag.” The crooks are exploiting vulnerabilities; they’re going after the topic of the day, setting their sights on people returning to offices after more than a year of work-from-home by sending fake CIO communications about new company COVID protocols; and they’re sending weaponized emails: for example, malicious Excel workbook attachments were dropping TrickBot.
In the episode, hosted by Threatpost’s Cody Hackett, Manky touches on today’s most topical and successful attack vectors and lures. Learn how ransomware distributors and affiliates pick their own poison in order to attack victims, and how to shore up your company’s defenses against this mixed bag of attacks.