Military Firearm Restoration Corner

Hack Attack


Horsefly


Isn’t a get-even hack in order? Maybe I’m way too confident in our technology. Wouldn’t you think we’d have way better hacking equipment and skills to scare crap outta anyone jacking with us? Maybe it’s a lack of balls to use it.


I was hearing yesterday that they paid the ransom to get the pipeline back up and running BUT they thought the hackers were moving too slowly and used their own backups to do it.... (WTF)!! Anybody else hear that? I’m thinking that was just a dumbass attack by someone in the media because it makes zero sense.


Yeah, they hit the company I work for a couple years ago.  It was bad.  I think they stole a laptop and got in that way.  The feds (FBI) said "Just pay them."  THANKS.  After that, we hardened up all the systems to the point that they were just barely usable.


From: https://www.zerohedge.com/geopolitical/darkside-hackers-reportedly-closing-down-after-retaliation-routs-their-infrastructure

 

 

Quote

DarkSide Hackers Reportedly Closing Down After Retaliation Routs Their Infrastructure

by Tyler Durden
Friday, May 14, 2021 - 01:39 PM

The hacker group responsible for the ransomware attack on Colonial Pipeline that caused fuel shortages in the Southeast US appears to be shutting down after all its recent success, according to WSJ.

The operator of the ransomware group Darkside, believed to originate in Eastern Europe or Russia, has been unable to access its computer systems to conduct cyber attacks. Associates close to the hacking group said it would disband, citing international pressure from the US, said security research firm FireEye. 

The DARKSIDE announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers and would be closing their service. Decrypters would also be provided for companies who have not paid, possibly to their affiliates to distribute. (2/3)

— FireEye (@FireEye) May 14, 2021
 

The post cited law enforcement pressure and pressure from the United States for this decision. @Mandiant has not independently validated these claims and there is some speculation by other actors that this could be an exit scam. (3/3)

— FireEye (@FireEye) May 14, 2021

Recorded Future threat intelligence analyst Dmitry Smilyanets said DarkSide has lost control of its servers and lost some money it made through ransom payments. 

"A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers," Darksupp, the operator of the Darkside ransomware, said.

"Now, these servers are unavailable via SSH, and the hosting panels are blocked."

Darksupp also reported cryptocurrency funds were withdrawn from the payment server and would be split between itself and its associates.

This sudden dispersion of the hacking group is suspicious. Who would disband a hack operation for a measly $5 million - that will barely buy a mansion in the Bay Area. 

On Thursday, President Joe Biden announced his administration had been "in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks" and would "pursue a measure to disrupt their ability to operate."

Biden said, "We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia, that's where it came from."

But not everyone is convinced DarkSide is a legitimate hacking group but rather a cover for a rogue group of CIA hackers. 

Natalya Kaspersky, the founder and former CEO of security software firm Kaspersky Lab, made an explosive suggestion in an interview with Russian state-owned domestic news agency RIA Novosti that CIA hackers were actually behind the Colonial Pipeline attack, reported RT News.

Kaspersky said the Umbrage team, which is part of the Remote Development Branch under the CIA's Center for Cyber Intelligence, can mask its hackers as outside ones and leave behind the "fingerprints" of the external hackers when it breaks into electronic devices. 

WikiLeaks in 2017 shed light on the Umbrage team. At the time, USA Today said CIA operatives "may have been cataloging hacking methods from outside hackers, including in Russia, that would have allowed the agency to mask their identity by employing the method during espionage."

Kaspersky pointed out a list "of the countries under whose hacker groups this UMBRAGE is disguised – Russia, North Korea, China, Iran." She claimed that "therefore, it cannot be said with certainty that a hacker group carried out the attack from Russia and that it was not a provocation made themselves from there, or from some other country." 

... more things that make you go hmm. 

They WEREN'T REAL. I talked with hackers on every hacking tor forum I could find and they all said the same thing GOVERNMENT ENTITY. REvil, doppelpaymer those are REAL HACKING GROUPS. darkside? Never even existed on TOR. pic.twitter.com/ZtmztfPXwj

— emily (@oracleofomega) May 14, 2021

 


My Daughter in law, had her Puter taken "Hostage" not that long ago... called me crying alligator tears... I told her... "Shut it Off"

unbelievable how pissed them cats was...as they was on the Phone by then.. I got to their house after awhile... fired their PC up with my live version of Linux!!!

Cleaned it all up and Evicted the "Spys"... no more Problem Since!!!

This really isn't Rocket Science!!! Push the On/Off button to Off!!!! Or... Duh!!! UnPlug!!!  Then Deal with the pricks!!! really quite simple... even for a Hickerbilly like Myself!!!

 


In this case, as with the company I work for, or worked for that got bought by the company I work for now, whatever, what they do is put a program on your system running in the background that encrypts your hard drive.  All the data, with their own password.  Then when you turn on your computer, all you get is a screen telling you what they did and demanding money.  They will give you the password if you send them so much money in Bitcoin.


  • 2 weeks later...

I would just reinstall Fedora on a home computer too.  But I can see where, if you had a major firm with data you simply could not lose, getting that data back could be a major issue. Best teach everyone to make backups... like the old days.

 

 

karl


On 5/14/2021 at 7:24 PM, Dr.Hess said:

In this case, as with the company I work for, or worked for that got bought by the company I work for now, whatever, what they do is put a program on your system running in the background that encrypts your hard drive.  All the data, with their own password.  Then when you turn on your computer, all you get is a screen telling you what they did and demanding money.  They will give you the password if you send them so much money in Bitcoin.

 

4 hours ago, karlunity said:

I would just reinstall Fedora on a home computer too.  But I can see where, if you had a major firm with data you simply could not lose, getting that data back could be a major issue. Best teach everyone to make backups... like the old days.

 

 

karl

Google any "Live" version of Linux... no need to "start" your current software.. no reason to reinstall anything.. "Live Linux" don't need Nuthin but Hardware... use it to evict unwanted Software... simple ..again... if this was Rocket Science... I would Not be able to even talk about it!!!!

