• DarkSide ransomware servers taken down


    • This topic has 26 replies, 10 voices, and was last updated 4 years ago.
    #2364903

    After reportedly receiving $5 million for the pipeline and $4 for another victim, the DarkSide servers have been shut down per Bleeping computer. Note
    [See the full post at: DarkSide ransomware servers taken down]

    Susan Bradley Patch Lady/Prudent patcher

    • #2364907

      Will Colonial Pipeline stand to trial and pay hefty penalties for paying the ransom ?

      U.S. Government Warns Companies of Legal Risk for Paying Ransom to Cybercriminals

      …Recently, however, the U.S. government has not so gently reminded companies that they, their cyber insurers and third parties that assist in facilitating payments to cybercriminals might be subject to liability and hefty penalties under federal laws. On October 1, 2020, the U.S. Department of the Treasury issued an advisory on potential risks of sanctions for organizations that facilitate ransom payments….

      2 users thanked author for this post.
      • #2364917

        If it’s in the interest of the economy, I’m sure a blind eye will be turned.
        FBI would have asked them to pay, so they could track and trace to the destination hence shut it down.

        Windows - commercial by definition and now function...
        1 user thanked author for this post.
      • #2364924

        Key words are ‘might be’. That’s an indicator Section 1 of the Bluff Act is being used.

        Group A (but Telemetry disabled Tasks and Registry)
        1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
        2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

        2 users thanked author for this post.
    • #2364913

      4

      the other victim got off lightly then eh, $4, happy days!

    • #2364940

      I have read the “Bleeping computer” article linked by Susan, with the disclosed message from the pipeline-nappers announcing the problem to their “customers” and I love it!, it reads like a standard mealy-mouthed business report:

      Since the first version, we have promised to speak honestly and openly about problems. A few hours ago, we lost access to the public part of our infrastructure, namely : Blog, Payment server, DOS servers,” reads the forum post from UNKN.
      At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked.”

      “The hosting support service doesn’t provide any information except “at the request of law enforcement authorities.” In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      2 users thanked author for this post.
    • #2364980

      I’m sure a blind eye will be turned.

      If a blind eye has been turned then a blind eye will be turned on other crimes.
      The FBI can’t trace the ransom payment as it has been done by paying 75 Bitcoins (which is untraceable).

      • #2365034

        Amazing that seasoned computer experts have no understanding of Bitcoin –

        it is absolutely traceable. I am sure the FBI has a bunch of blockchain experts on their payroll just like the IRS.

        Other commentators who want to ban crypto have obviously zero understanding how the concept works. Crypto has evolved so profoundly legacy banking system will have no choice but to adapt. Singapore and Switzerland have seen the light already.

        Perhaps any structure heavily dependent on the internet (basically everyone) should consider to pay more attention to security. Friend of mine runs a security company with a small to medium size business clientele. He says it is mindboggling how sloppy security is being handled and still quite often not considered a priority.


        3 users thanked author for this post.
      • #2365043

        As Zarduso has kindly pointed out, Bitcoin IS traceable due to the blockchain algorithm framework. Now, if they had used Monero, whereby the blockchain algorithm is far more complex and fragmented, then the task to trace would have been a darned sight more difficult.

        BTW: Welcome to the madhouse Zarduso 🙂

        2 users thanked author for this post.
    • #2364984

      who took them down?
      and why not do it sooner?

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2364994

      Then there is the other possibility mentioned in Bleeping computer: this is a scam, whereby the cybercriminals are putting up their message — about “being shut down” and having had the money “belonging to us and our customers” “seized” by “law enforcement” (whose?), from the cryptocurrency wallet where the victims of the kidnapping have delivered it — as a smoke screen between them and their “customers”, while they get away with all the loot they promised to share, but this way they will keep it all for themselves. As part of this ploy, they are (or so they say) giving the actual keys to the encrypted pipeline computers to their “customers” so they can try their luck extorting the victims themselves — again.

      This is certainly an interesting world, and it’s getting more interesting by the day, or so it would seem.

      P.S.: The other possibility, already extensively commented upon here, is that the servers have been actually seized by law enforcement. If this were the case, then I do wonder if the $4 paid by “another victim” (see Microfix comment further up, here #2364913) could not have been a baited hook the FBI dropped into the payment site to track where the mother-ship servers were located in the Internet and then go from there. As I wrote and I repeat: Interesting world, no?


      • #2365004

        The $4 is a typo, it was $4.4 million. But I agree with your first remarks. The hackers/scammers are no dummies. They would have left themselves an emergency backdoor; and now they’ve made off with $9.4 million in ransom that was supposed to be shared with their “clients,” saying instead “here’s the decryption keys for the other targets, good luck with that.” No honor among thieves. But it is absolutely essential that the owners or managers of the servers that allow these criminals access to the internet, and even the satellite owners and operators, need to be held accountable, fined and punished, or taken down by the US and other western powers, even by force if necessary. There has to be consequences for those who cooperate with criminals allowing them to commit their crimes.

        • #2365017

          Anonymous: I entirely agree with you on who should be hauled in front of a court of law and then dumped in some particularly nasty jail inhabited mostly by equal opportunity sex offenders.

          But I feel I should also state here my belief that cryptocurrencies must be banned by a very tightly (as much as possible) binding international treaty that then becomes the law of the land in signatory countries and sticks huge red flags on the non-signatory ones.

          I also wish to amend something I wrote myself in the comment you have replied above this one and now I am replying to: instead of writing that the FBI might have used the (according to you $4.4 million) as bait to track and find the servers of the cybercriminals, I really should have written, instead of “the FBI”, “law enforcement (FBI?)” because, for all we know, it could have been the Federal Security Service under direct instructions from our BFF Vlad himself, after that phone call with Joe.


          • #2365112

            OscarCP I entirely agree with you regarding cryptocurrencies; they really do need to be banned worldwide. The world’s banking system and global supply chain depend on a stable reliable default currency, which currently is the US dollar (USD). It could be the British Pound Sterling or China’s currency instead, doesn’t matter as long as it is stable, reliable and in use worldwide. But cryptocurrencies are neither stable nor reliable; they’re extremely volatile and very unreliable, more so even than the most risky stock market instruments. Cryptocurrencies are like the worst banana republic’s fiat currency that fluctuates due to hyperinflation in that country. The US dollar is also a fiat currency, but it is also backed by the world’s largest economy and many others that use it by default. Cryptocurrencies are an existential threat to the world’s banking system and should be permanently banned.

             

            1 user thanked author for this post.
            • #2365942

              And a waste of perfectly good energy!

              There are enough places you can legally gamble already without this one! Speculation is nothing else but gambling. There is nothing good for society here, just another get rich quick scheme in disguise. Oh, and tax evasion!

              I would have another opinion if the value was tied to another stable currency, possibly.

              Martin

    • #2365052

      But I feel I should also state here my belief that cryptocurrencies must be banned by a very tightly (as much as possible) binding international treaty that then becomes the law of the land in signatory countries and sticks huge red flags on the non-signatory ones.

      Why??
      I hope it’s not because “muh fraud, muh terrorism, muh money laundering / criminals”, because you know what they’ve been using for all those things for SO long already, and still do? Cash! $$$$$$$$$$$$.

      Bitcoin is absolutely traceable, that’s one of the points of it.

      1 user thanked author for this post.
      • #2365054

        BobT: Since you have asked me directly, I believe I should answer:

        Well, yes, what you have mentioned, and also the financial instability added to all the other current reasons for said instability, something the world does not really need, particularly now, not to mention the huge waste of electrical energy cryptocurrencies cause, mainly when “mining” new currency, with all the CO2 that releases .. Oops! that’s “controversial”!

        Not to mention people having their computers hijacked, forcing these to do some of the mining while slowing them to a crawl for their legitimate users …

        But all these obnoxious side effects, being obvious, they are something I prefer not to discuss further, because I have this rule, that I not always apply, but now I do: I do not discuss the obvious.

        Not to mention that this “cryptocurrency” thing is way off topic here. I started it, unintentionally, with a passing short comment within a comment that was entirely on topic: mea culpa, mea maxima culpa! So, if you wish, or anyone else wishes to bring this up further, I suggest using the “Rants” forum to that end. Thank you.

         


        1 user thanked author for this post.
    • #2365064

      As part of this ploy, they are (or so they say) giving the actual keys to the encrypted pipeline computers to their “customers” so they can try their luck extorting the victims themselves — again.

      Who are not as expert at the collecting part and more likely to fall to law enforcement agencies and keep them busy for a while as DS make their getaway. They ain’t stooopid.
      BTW am I gonna get deleted if I add an emoji?

      🍻

      1 user thanked author for this post.
    • #2365147

      Susan Bradley Patch Lady/Prudent patcher

      • #2365190

        Susan: If something is on YouTube, it is also accessible beyond the borders of the US of A.

        I have several “Fun Stuff” threads with YT video links in the postings that are made and used by AskWoody members, both from here and abroad, with no problems at all. It would seem that YT now is all over the world, mostly.


        • #2365668

          Someone in another forum said it was inaccessible to someone in Australia. It’s geo blocked in certain locations. YouTube is worldwide, however some videos are not.

          Susan Bradley Patch Lady/Prudent patcher

          • #2365675

            Someone in Australia is not getting something on YouTube? Well YouTube is Google’s and Google and Australia …

            Pure coincidence, no doubt.

            In any case, in recent hours there have been numerous reports of some impressive YouTube outages:

            https://9to5google.com/2021/05/18/youtube-playback-error-outage-may18/

            So maybe it has nothing to do with Australia.


    • #2365148

      What Is Ransomware? – If You Don’t Know, Now You Know | The Daily Show – YouTube. USA only – may have to use a VPN to watch it.

      I don’t use a VPN and can watch the video. :-)

    • #2365793

      When law enforcement is contacted and in the process of working with the victim, I assume they go through a series of steps to identify the source. If they do get a fix on the lair, why don’t they fry their equipment? The stolen data is more than likely on detachable hard drives and not on a live system, so they will leave the damaged stuff behind when they bolt. Law enforcement can still do forensics on fried equipment. It is evidence – systems have serial numbers and they are purchased from somewhere by someone. Tracing it may lead to one or more of the perpetrators.

      If it is state sponsored, frying the equipment will not start a war. The offending government will not admit to being the sponsor or that the location exists within their borders. Some of these state sponsored cyber criminals work in large warehouses full of systems. That would be worth a precision hit.

      For too long these criminals have got away with this. There has to be a way to make it extremely difficult for them to continue. And we all know that it is going to continue.

       

      • #2365856

        During the Prohibition in the USA, when alcohol was treated the way heroin is these days in many countries, from a law-enforcement point of view, it was as illegal to sell alcohol and alcoholic drinks, and the police action was just as vigorous and direct: places where alcohol was sold and/or made were smashed to bits and the illegal booze poured down the drain by the barrel-load. The money and property of offenders sometimes were confiscated. People were sent to jail. But the making, smuggling and selling of alcohol and alcoholic drinks went on all the same. Why? For exactly the same reason the war on drugs is a never-ending one, forever without victory in sight: the money to be made is simply too big, the political power and influence of some of those behind the illegal business, too big, too big, for that thing ever to really be stopped for good.

        So I doubt this sort of thing can ever be stopped; politics being the art of the possible, those in government, much as some of them might wish to end the illegal drug trade for good, in the end come to understand this and make their concessions and accommodations to it, not just out of venality but also as a matter of practical necessity.

        It might not be possible to end it by police action alone, but it can be discouraged by making it more difficult and less profitable. In the case of direct attacks against the infrastructure of a nation, as in the notorious case of the pipeline that got the ball rolling here, with this thread, the nature of the Internet makes it hard to keep its criminal uses under control. An action that might be effective against it is also likely to raise, in democracies, serious issues of personal freedom and civil rights. It needs enough coordinated action among enough nations for long enough to keep a lid on it. There are some obvious measures that can be taken: I have mentioned banning cryptocurrency, that allows crooks to pull big heists, stash the money away and also move it around with greater facility and less risk to themselves than if they were stealing cash. But touch something like that, and the chorus of lamentations, protests and cat calls pretty soon becomes deafening. Serious measures will always be inconvenient to many that are not up to anything particularly bad, but they must be taken in order to combat serious crime. They are not going to be popular, because they cannot be and they don’t have to be. But shall those in a position to act muster the political will and also the savvy to do it, and do it right? Ah, that is the billion-Bitcoin question!


        • #2366137

          One big difference – a ransom demand of any magnitude is wanted by no-one. Alcohol and drugs are desired commodities. The general public, business and industry want ransomware stopped.

          Can it be stopped? It all comes down to the level of risk for the perpetrators and their organization. Right now their risk of capture and incarceration is low, so frying their assets may be a place to start. Government lawyers may be the impediment to doing this but lawmakers have been known to get creative when up against it. ‘Who us? – never!’

          Malware is probably the most used weapon on the planet these days – it is deployed to do damage. Those in power use it. It is no secret.

          • #2366179

            Anonymous: A ransomware demand is not wanted by anyone? Well, it is definitely a favorite of the ransomware criminals and their partners in crime. And what makes this possible is also, same as with heroin or alcohol, the addiction to the bubble-economy the cyber-currency addicts help sustain, because they can never have enough of it and that is also dear to cybercriminals, that receive their payment in ones and zeroes over the Dark Internet, rather than sent to traceable bank accounts in the Cayman Islands, not to mention taking possession of and stashing away large, bulky, heavy amounts of actual cash.

            I’m not sure how precisely government lawyers may be an impediment against cracking down on cybercriminals, but that aside, there are things both governments and private businesses can do to hit them where it hurts: in their cybercoin wallets, that might have been seized by the action of (as far as I know) an as yet unnamed police force, and also by taking legal measures that send their value down the tubes. As demonstrated just this week by the Chinese government prohibiting its use. And by Tesla’s Mr. Musk’s decision to stop accepting them in payment for the cars. These two things have caused, once more, this novel type of funny-money to plummet in value, with very large financial losses for those with significant amounts of this quasi-currency in their possession:

            https://www.bbc.com/news/business-57169726

            The reasons given by the Chinese government and by Musk mainly address two different aspects of the nefarious influence of cryptocurrencies: China arguing that it destabilizes economies, is bad for trade, and is useful to criminals and tax-evaders in various ways; Musk, for his part, also invoking the “environmental” concerns raised by the huge consumption of energy and the consequent air pollution caused by the production of that energy.

            They have no argument from me.

             

