
FBI Warns of Ransomware Attackers Using Sophisticated Program

WASHINGTON — The FBI is warning that computer hackers most likely based in Russia have compromised at least 60 organizations since last month with a new generation of a sophisticated programming language.
The targets of the ransomware attacks have included a Swiss airport management company and two German oil suppliers.
About 30% of the attacks using the Rust programming language have infiltrated U.S. organizations. Rust is considered a secure programming language, and malware written in it is difficult for victims to deactivate.
The FBI accuses the malware group BlackCat, sometimes known as DarkSide, of the attacks.
DarkSide is blamed for the May 2021 Colonial Pipeline ransomware incident.
The sophistication of the attacks shows the BlackCat gang is affiliated with other money launderers and data thieves, indicating “they have extensive networks and experience with ransomware operations,” the FBI advisory says.
Their “ransomware leverages previously compromised user credentials to gain initial access to the victim system. Once the malware establishes access, it compromises Active Directory user and administrator accounts,” the FBI said.
Even if the network owners restore their service, the gangs represent an ongoing threat from the data they steal.
The gang “steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored,” the FBI reported.
The U.S. Justice Department says the ransomware gangs are most likely based in Russia but do not have official government sponsorship. Nevertheless, the Russian government has made almost no effort to shut them down.
In DarkSide’s most infamous attack, it shut down Colonial Pipeline Company’s 5,500-mile pipeline that carries 45% of the fuel used on the East Coast of the United States from its source in Texas.
Service was restored after five days on May 12, 2021, but not before the company paid a $4.4 million ransom in bitcoin. The Justice Department later recovered $2.3 million of the ransom from an account in California.
The FBI did not say in its recent advisory how much damage was done by BlackCat to U.S. computer networks. It also did not name the victims.
Instead, it gave a list of suggested security measures for network owners.
Tom can be reached at [email protected]