Things are getting serious in Fiat-land. The DarkSide saga continues with a press release from the U.S. Department of State that offers up to $10M for “information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.” Plus, up to $5M for “information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”
Interesting. As you probably remember, this group’s software was at the heart of the Colonial Pipeline hack and ransomware attack. It was never clear who was responsible since DarkSide offers a ransomware-as-a-service platform, but the U.S Department of State is having none of that. They clearly declare that:
“The DarkSide ransomware group was responsible for the Colonial Pipeline Company ransomware incident in May 2021, which led to the company’s decision to proactively and temporarily shut down the 5,500-mile pipeline that carries 45 percent of the fuel used on the East Coast of the United States.”
Ok, that settles it, then.
Nevertheless, let’s explore.
What Is DarkSide, Exactly?
To do this right, we have to quote the people in the know. According to reporter and computer security expert Brian Krebs:
“First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims. DarkSide says it targets only big companies, and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits.”
We’re not remotely suggesting that what they are doing is right. Ransomware attacks are a crime. And they’re affecting the whole crypto space by using our coins for nefarious purposes.
That being said, there’s obviously more to this story.
Where Does Ransomware Come From, Exactly?
We hate to do this, but the core of ransomware software comes directly from the NSA.
“The hackers are able to use tools stolen from the NSA, like the Eternal Blue malware, to encrypt all the files on an infected machine, and then they demand a ransom, usually in Bitcoin, for the keys to decrypt the data.”
That means as much as each one wants it to mean. A question remains, though. Why use Bitcoin for this? Each and every transaction is forever recorded in the blockchain. What criminal wants to leave an unbreakable trail like this one?
BTC price chart for 11/04/2021 on Bitstamp | Source: BTC/USD on TradingView.com
Will The Reward Work? Will They Get DarkSide With This?
Let’s not kid ourselves, $10M is a lot of money. The Department of State is not playing around. However, DarkSide is just an intermediary, they provide the software for others to use. Or so it seems. Would an arrest stop ransomware as a whole? Probably not. But it would send a strong message.
How effective are these rewards historically? The press release says:
“More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program (NRP) since 1986. The Department has paid more than $135 million in rewards to date.”
So, 75 criminals in 35 years, and $135M in rewards in the same period. That doesn’t seem like a lot. This could mean that the program is not that effective. It could also mean that this time they are serious and want immediate results. Did they fatten the budget just for the DarkSide group? It seems that’s the case. Let’s keep an eye on the story to see how it develops. The DarkSide saga continues.
Featured Image by Khusen Rustamov from Pixabay - Charts by TradingView