How a cybersecurity firm unintentionally helped DarkSide improve its ransomware

Cyberattack victims have limited options on gathering resources to mitigate damages after being attacked by a hacker group. This encourages some cybersecurity firms to use the media to share their resources, which can alert hacker groups to software vulnerabilities, according to a May 24 article published in MIT Technology Review.

Six things to know:

1. DarkSide, the cybergang behind the ransomware attack on the Colonial Pipeline, had attacked dozens of American companies before it struck the pipeline. On Jan. 11, antivirus company Bitdefender said it detected a flaw in DarkSide's coding. If companies under attack downloaded Bitdefender's free tool, they could avoid paying millions of dollars in ransom to the hacker group. 

2. When Bitdefender announced this flaw, two other researchers had already found it a month prior and were discreetly looking to help victims. When Bitdefender publicized the tool, it alerted DarkSide to the software flaw. The next day, DarkSide had already repaired the problem. DarkSide said in a post on the dark web, "Special thanks to Bitdefender for helping fix our issues. This will make us even better."

3. According to MIT Technology Review, this is part of a pattern of cybersecurity firms using public outlets to share private details to attract clients. 

4. Bitdefender stands by its decision to announce the security flaws because companies held ransom don't have anywhere else to turn. Bogdan Botezatu, director of threat research at Bitdefender, said it published its decryption tool "because most victims who fall for ransomware do not have the right connection with ransomware support groups and won't know where to ask for help unless they can learn about the existence of tools from media reports or with a simple search."

5. A worldwide volunteer group called the Ransomware Hunting Team has decrypted more than 300 ransomware strains and variants. These companies operate discreetly so that hacker groups are not alerted, but this minimizes the number of victims that learn there is help.

6. For comparison, the FBI is rarely able to decrypt ransomware or arrest hackers, who usually live in countries where there are no extradition agreements with the U.S., such as Iran or Russia. More victims are able to get help from the Hunting Team than from federal organizations, the report said.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars