FBI Warns of Ransomware Attackers Using Sophisticated Program

April 26, 2022 by Tom Ramstack
FBI Headquarters. (Photo by Dan McCue)

WASHINGTON — The FBI is warning that computer hackers most likely based in Russia have compromised at least 60 organizations since last month with a new generation of a sophisticated programming language. 

The targets of the ransomware attacks have included a Swiss airport management company and two German oil suppliers.

About 30% of the attacks, carried out with ransomware written in the Rust programming language, have infiltrated U.S. organizations. Rust is considered a secure programming language that is difficult for the victims to deactivate.

The FBI accuses the malware group BlackCat, sometimes known as DarkSide, of the attacks. 

DarkSide is blamed for the May 2021 Colonial Pipeline ransomware incident.

The sophistication of the attacks shows the BlackCat gang is affiliated with other money launderers and data thieves, indicating “they have extensive networks and experience with ransomware operations,” the FBI advisory says. 

Their “ransomware leverages previously compromised user credentials to gain initial access to the victim system. Once the malware establishes access, it compromises Active Directory user and administrator accounts,” the FBI said.

Even if the network owners restore their service, the gangs represent an ongoing threat from the data they steal.

The gang “steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored,” the FBI reported.

The U.S. Justice Department says the ransomware gangs are most likely based in Russia but do not have official government sponsorship. Nevertheless, the Russian government has made almost no effort to shut them down.

In DarkSide’s most infamous attack, it shut down Colonial Pipeline Company’s 5,500-mile pipeline that carries 45% of the fuel used on the East Coast of the United States from its source in Texas.

Service was restored after five days on May 12, 2021, but not before the company paid a $4.4 million ransom in bitcoin. The Justice Department later recovered $2.3 million of the ransom from an account in California.

The FBI did not say in its recent advisory how much damage was done by BlackCat to U.S. computer networks. It also did not name the victims.

Instead, it gave a list of suggested security measures for network owners.
