FBI Warns of Ransomware Attackers Using Sophisticated Program
WASHINGTON — The FBI is warning that computer hackers most likely based in Russia have compromised at least 60 organizations since last month with a new generation of a sophisticated programming language.
The targets of the ransomware attacks have included a Swiss airport management company and two German oil suppliers.
About 30% of the attacks using malware written in the Rust programming language have infiltrated U.S. organizations. Rust is considered a secure programming language, and malware written in it is difficult for victims to deactivate.
The FBI accuses the malware group BlackCat, sometimes known as DarkSide, of the attacks.
DarkSide is blamed for the May 2021 Colonial Pipeline ransomware incident.
The sophistication of the attacks shows the BlackCat gang is affiliated with other money launderers and data thieves, indicating “they have extensive networks and experience with ransomware operations,” the FBI advisory says.
Their “ransomware leverages previously compromised user credentials to gain initial access to the victim system. Once the malware establishes access, it compromises Active Directory user and administrator accounts,” the FBI said.
Even if the network owners restore their service, the gangs represent an ongoing threat from the data they steal.
The gang “steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored,” the FBI reported.
The U.S. Justice Department says the ransomware gangs are most likely based in Russia but do not have official government sponsorship. Nevertheless, the Russian government has made almost no effort to shut them down.
In DarkSide’s most infamous attack, it shut down Colonial Pipeline Company’s 5,500-mile pipeline that carries 45% of the fuel used on the East Coast of the United States from its source in Texas.
Service was restored after five days on May 12, 2021, but not before the company paid a $4.4 million ransom in bitcoin. The Justice Department later recovered $2.3 million of the ransom from an account in California.
The FBI did not say in its recent advisory how much damage was done by BlackCat to U.S. computer networks. It also did not name the victims.
Instead, it gave a list of suggested security measures for network owners.
Tom can be reached at [email protected]