  • DarkSide ransomware servers taken down

      • #2364903
        Susan Bradley
        Manager

        After reportedly receiving $5 million for the pipeline and $4 for another victim, the DarkSide servers have been shut down per Bleeping computer. Note
        [See the full post at: DarkSide ransomware servers taken down]

        Susan Bradley Patch Lady

      • #2364907
        Alex5723
        AskWoody Plus

        Will Colonial Pipeline stand to trial and pay hefty penalties for paying the ransom ?

        U.S. Government Warns Companies of Legal Risk for Paying Ransom to Cybercriminals

        …Recently, however, the U.S. government has not so gently reminded companies that they, their cyber insurers and third parties that assist in facilitating payments to cybercriminals might be subject to liability and hefty penalties under federal laws. On October 1, 2020, the U.S. Department of the Treasury issued an advisory on potential risks of sanctions for organizations that facilitate ransom payments….

        • #2364917
          Microfix
          AskWoody MVP

          If it’s in the interest of the economy, I’m sure a blind eye will be turned.
          FBI would have asked them to pay, so they could track and trace to the destination hence shut it down.

          | Quality over Quantity |
        • #2364924
          SteveTree
          AskWoody Lounger

          Key words are ‘might be’. That’s an indicator Section 1 of the Bluff Act is being used.

          Group A (but Telemetry disabled Tasks and Registry)
          Win 7 64 Pro desktop
          Win 10 64 Home portable

      • #2364913
        Microfix
        AskWoody MVP

        4

the other victim got off lightly then eh, $4, happy days!

        | Quality over Quantity |
      • #2364940
        OscarCP
        AskWoody Plus

        I have read the “Bleeping computer” article linked by Susan, with the disclosed message from the pipeline-nappers announcing the problem to their “customers” and I love it!, it reads like a standard mealy-mouthed business report:

“Since the first version, we have promised to speak honestly and openly about problems. A few hours ago, we lost access to the public part of our infrastructure, namely: Blog, Payment server, DOS servers,” reads the forum post from UNKN.
“At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked.”

        “The hosting support service doesn’t provide any information except “at the request of law enforcement authorities.” In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #2364980
        Alex5723
        AskWoody Plus

        I’m sure a blind eye will be turned.

If a blind eye has been turned then a blind eye will be turned on other crimes.
        The FBI can’t trace the ransom payment as it has been done by paying 75 Bitcoins (which is untraceable).

        • #2365034
          Zarduso
          AskWoody Lounger

Amazing that seasoned computer experts have no understanding of Bitcoin – it is absolutely traceable. I am sure the FBI has a bunch of blockchain experts on their payroll just like the IRS.

Other commentators who want to ban crypto have obviously zero understanding of how the concept works. Crypto has evolved so profoundly that the legacy banking system will have no choice but to adapt. Singapore and Switzerland have seen the light already.

Perhaps any structure heavily dependent on the internet (basically everyone) should consider paying more attention to security. A friend of mine runs a security company with a small to medium size business clientele. He says it is mindboggling how sloppily security is being handled and still quite often not considered a priority.

        • #2365043
          Microfix
          AskWoody MVP

As Zarduso has kindly pointed out, Bitcoin IS traceable due to the blockchain algorithm framework. Now, if they had used Monero, whereby the blockchain algorithm is far more complex and fragmented, then the task to trace would have been a darned sight more difficult.

          BTW: Welcome to the madhouse Zarduso 🙂

          | Quality over Quantity |
      • #2364984
        wavy
        AskWoody Plus

        who took them down?
        and why not do it sooner?

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
      • #2364994
        OscarCP
        AskWoody Plus

        Then there is the other possibility mentioned in Bleeping computer: this is a scam, whereby the cybercriminals are putting up their message — about “being shut down” and having had the money “belonging to us and our customers” “seized” by “law enforcement” (whose?), from the cryptocurrency wallet where the victims of the kidnapping have delivered it — as a smoke screen between them and their “customers”, while they get away with all the loot they promised to share, but this way they will keep it all for themselves. As part of this ploy, they are (or so they say) giving the actual keys to the encrypted pipeline computers to their “customers” so they can try their luck extorting the victims themselves — again.

        This is certainly an interesting world, and it’s getting more interesting by the day, or so it would seem.

P.S.: The other possibility, already extensively commented upon here, is that the servers have actually been seized by law enforcement. If this were the case, then I do wonder if the $4 paid by “another victim” (see Microfix’s comment further up, here #2364913) could not have been a baited hook the FBI dropped into the payment site to track where the mother-ship servers were located on the Internet and then go from there. As I wrote and I repeat: Interesting world, no?

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

        • #2365004
          anonymous
          Guest

The $4 is a typo, it was $4.4 million. But I agree with your first remarks. The hackers/scammers are no dummies. They would have left themselves an emergency backdoor; and now they’ve made off with $9.4 million in ransom that was supposed to be shared with their “clients,” saying instead “here’s the decryption keys for the other targets, good luck with that.” No honor among thieves. But it is absolutely essential that the owners or managers of the servers that allow these criminals access to the internet, and even the satellite owners and operators, be held accountable, fined and punished, or taken down by the US and other western powers, even by force if necessary. There have to be consequences for those who cooperate with criminals, allowing them to commit their crimes.

          • #2365017
            OscarCP
            AskWoody Plus

Anonymous: I entirely agree with you on who should be hauled in front of a court of law and then dumped in some particularly nasty jail inhabited mostly by equal opportunity sex offenders.

            But I feel I should also state here my belief that cryptocurrencies must be banned by a very tightly (as much as possible) binding international treaty that then becomes the law of the land in signatory countries and sticks huge red flags on the non-signatory ones.

I also wish to amend something I wrote myself in the comment you replied to above this one and which I am now replying to: instead of writing that the FBI might have used the (according to you) $4.4 million as bait to track and find the servers of the cybercriminals, I really should have written, instead of “the FBI”, “law enforcement (FBI?)” because, for all we know, it could have been the Federal Security Service under direct instructions from our BFF Vlad himself, after that phone call with Joe.

            Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

            • #2365112
              anonymous
              Guest

              OscarCP I entirely agree with you regarding cryptocurrencies; they really do need to be banned worldwide. The world’s banking system and global supply chain depend on a stable reliable default currency, which currently is the US dollar (USD). It could be the British Pound Sterling or China’s currency instead, doesn’t matter as long as it is stable, reliable and in use worldwide. But cryptocurrencies are neither stable nor reliable; they’re extremely volatile and very unreliable, more so even than the most risky stock market instruments. Cryptocurrencies are like the worst banana republic’s fiat currency that fluctuates due to hyperinflation in that country. The US dollar is also a fiat currency, but it is also backed by the world’s largest economy and many others that use it by default. Cryptocurrencies are an existential threat to the world’s banking system and should be permanently banned.


              • #2365942
                ve2mrx
                AskWoody Plus

                And a waste of perfectly good energy!

                There are enough places you can legally gamble already without this one! Speculation is nothing else but gambling. There is nothing good for society here, just another get rich quick scheme in disguise. Oh, and tax evasion!

                I would have another opinion if the value was tied to another stable currency, possibly.

                Martin

      • #2365052
        BobT
        AskWoody Lounger

        But I feel I should also state here my belief that cryptocurrencies must be banned by a very tightly (as much as possible) binding international treaty that then becomes the law of the land in signatory countries and sticks huge red flags on the non-signatory ones.

        Why??
        I hope it’s not because “muh fraud, muh terrorism, muh money laundering / criminals”, because you know what they’ve been using for all those things for SO long already, and still do? Cash! $$$$$$$$$$$$.

        Bitcoin is absolutely traceable, that’s one of the points of it.

        • #2365054
          OscarCP
          AskWoody Plus

          BobT: Since you have asked me directly, I believe I should answer:

Well, yes, what you have mentioned, and also the financial instability added to all the other current reasons for said instability, something the world does not really need, particularly now, not to mention the huge waste of electrical energy cryptocurrencies cause, mainly when “mining” new currency, with all the CO2 that releases… Oops! that’s “controversial”!

          Not to mention people having their computers hijacked, forcing these to do some of the mining while slowing them to a crawl for their legitimate users …

          But all these obnoxious side effects, being obvious, they are something I prefer not to discuss further, because I have this rule, that I not always apply, but now I do: I do not discuss the obvious.

          Not to mention that this “cryptocurrency” thing is way off topic here. I started it, unintentionally, with a passing short comment within a comment that was entirely on topic: mea culpa, mea maxima culpa! So, if you wish, or anyone else wishes to bring this up further, I suggest using the “Rants” forum to that end. Thank you.


          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #2365064
        wavy
        AskWoody Plus

        As part of this ploy, they are (or so they say) giving the actual keys to the encrypted pipeline computers to their “customers” so they can try their luck extorting the victims themselves — again.

        Who are not as expert at the collecting part and more likely to fall to law enforcement agencies and keep them busy for a while as DS make their getaway. They ain’t stooopid.
        BTW am I gonna get deleted if I add an emoji?

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
      • #2365147
        Susan Bradley
        Manager

        Susan Bradley Patch Lady

        • #2365190
          OscarCP
          AskWoody Plus

          Susan: If something is on YouTube, it is also accessible beyond the borders of the US of A.

          I have several “Fun Stuff” threads with YT video links in the postings that are made and used by AskWoody members, both from here and abroad, with no problems at all. It would seem that YT now is all over the world, mostly.

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

          • #2365668
            Susan Bradley
            Manager

Someone in another forum said it was inaccessible to someone in Australia. It’s geo blocked in certain locations. Youtube is worldwide, however some videos are not.

            Susan Bradley Patch Lady

            • #2365675
              OscarCP
              AskWoody Plus

              Someone in Australia is not getting something on YouTube? Well YouTube is Google’s and Google and Australia …

              Pure coincidence, no doubt.

              In any case, in recent hours there have been numerous reports of some impressive YouTube outages:

              https://9to5google.com/2021/05/18/youtube-playback-error-outage-may18/

              So maybe it has nothing to do with Australia.

              Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #2365148
        Alex5723
        AskWoody Plus

What Is Ransomware? – If You Don’t Know, Now You Know | The Daily Show – YouTube USA only – may have to use a vpn to watch it.

        I don’t use VPN and can watch the video.:-)

      • #2365793
        anonymous
        Guest

When law enforcement is contacted and in the process of working with the victim, I assume they go through a series of steps to identify the source. If they do get a fix on the lair, why don’t they fry their equipment? The stolen data is more than likely on detachable hard drives and not on a live system, so they will leave the damaged stuff behind when they bolt. Law enforcement can still do forensics on fried equipment. It is evidence – systems have serial numbers and they are purchased from somewhere by someone. Tracing it may lead to one or more of the perpetrators.

If it is state sponsored, frying the equipment will not start a war. The offending government will not admit to being the sponsor or that the location exists within their borders. Some of these state sponsored cyber criminals work in large warehouses full of systems. That would be worth a precision hit.

        For too long these criminals have got away with this. There has to be a way to make it extremely difficult for them to continue. And we all know that it is going to continue.


        • #2365856
          OscarCP
          AskWoody Plus

During the Prohibition in the USA, when alcohol was treated the way heroin is these days in many countries, from a law-enforcement point of view, it was as illegal to sell alcohol and alcoholic drinks, and the police action was just as vigorous and direct: places where alcohol was sold and/or made were smashed to bits and the illegal booze poured down the drain by the barrel-load. The money and property of offenders sometimes were confiscated. People were sent to jail. But the making, smuggling and selling of alcohol and alcoholic drinks went on all the same. Why? For exactly the same reason the war on drugs is a never-ending one, forever without victory in sight: the money to be made is simply too big, the political power and influence of some of those behind the illegal business, too big, too big, for that thing ever to really be stopped for good.

So I doubt this sort of thing can ever be stopped; politics being the art of the possible, those in government, much as some of them might wish to end the illegal drug trade for good, in the end come to understand this and make their concessions and accommodations to it, not just out of venality but also as a matter of practical necessity.

It might not be possible to end it by police action alone, but it can be discouraged by making it more difficult and less profitable. In the case of direct attacks against the infrastructure of a nation, as in the notorious case of the pipeline that got the ball rolling here, with this thread, the nature of the Internet makes it hard to keep its criminal uses under control. An action that might be effective against it is also likely to raise, in democracies, serious issues of personal freedom and civil rights. It needs enough coordinated action among enough nations for long enough to keep a lid on it. There are some obvious measures that can be taken: I have mentioned cryptocurrency, which allows crooks to pull big heists, stash the money away and also move it around with greater facility and less risk to themselves than if they were stealing cash. But touch something like that, and the chorus of lamentations, protests and cat calls pretty soon becomes deafening. Serious measures will always be inconvenient to many that are not up to anything particularly bad, but they must be taken in order to combat serious crime. They are not going to be popular, because they cannot be and they don’t have to be. But shall those in a position to act muster the political will and also the savvy to do it, and do it right? Ah, that is the billion-Bitcoin question!

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

          • #2366137
            anonymous
            Guest

One big difference – a ransom demand of any magnitude is wanted by no-one. Alcohol and drugs are desired commodities. The general public, business and industry want ransomware stopped.

Can it be stopped? It all comes down to the level of risk for the perpetrators and their organization. Right now their risk of capture and incarceration is low, so frying their assets may be a place to start. Government lawyers may be the impediment to doing this but lawmakers have been known to get creative when up against it. ‘Who us? – never!’

Malware is probably the most used weapon on the planet these days – it is deployed to do damage. Those in power use it. It is no secret.

            • #2366179
              OscarCP
              AskWoody Plus

Anonymous: A ransomware demand is not wanted by anyone? Well, it is definitely a favorite of the ransomware criminals and their partners in crime. And what makes this possible is also, same as with heroin or alcohol, the addiction to the bubble-economy the cyber-currency addicts help sustain, because they can never have enough of it, and that is also dear to cybercriminals, who receive their payment in ones and zeroes over the Dark Internet, rather than sent to traceable bank accounts in the Cayman Islands, not to mention taking possession of and stashing away large, bulky, heavy amounts of actual cash.

I’m not sure how precisely government lawyers may be an impediment against cracking down on cybercriminals, but that aside, there are things both governments and private businesses can do to hit them where it hurts: in their cybercoin wallets, which might have been seized by the action of (as far as I know) an as yet unnamed police force, and also by taking legal measures that send their value down the tubes. As demonstrated just this week by the Chinese government prohibiting its use. And by Tesla’s Mr. Musk’s decision to stop accepting them in payment for the cars. These two things have caused, once more, this novel type of funny-money to plummet in value, with very large financial losses for those with significant amounts of this quasi-currency in their possession:

              https://www.bbc.com/news/business-57169726

The reasons given by the Chinese government and by Musk mainly address two different aspects of the nefarious influence of cryptocurrencies: China arguing that it destabilizes economies, is bad for trade, and is useful to criminals and tax-evaders in various ways; Musk, for his part, also invoking the “environmental” concerns raised by the huge consumption of energy and the consequent air pollution caused by the production of that energy.

              They have no argument from me.


              Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)
