July 4, 2022

High-Profile Hacks Leave Ransomware Gangs With Unwanted Publicity

Ransomware groups may be trying to retreat from the spotlight—and preserve their business models—after high-profile attacks in recent weeks disrupted daily life in two countries and sparked widespread condemnation.

Ireland’s public healthcare system’s computer networks remain crippled after hackers from the so-called Conti ring struck early this month, disrupting care throughout the country. Conti handed over a tool last week to help reverse the damage but still threatened to leak stolen data unless a ransom was paid. The move came after the ransomware gang DarkSide claimed it disbanded following its attack on Colonial Pipeline Co. and other hacking groups urged members to move deeper underground.

The backpedaling shows how ransomware gangs that prefer to operate in the shadows, using publicity when it suits them in the form of extortion schemes, are trying to avoid scrutiny after some within their ranks inflicted real-world pain, security experts say. The likely goal, they say, is to regroup while the possibility of law-enforcement pushback is high and vet future targets more carefully.

“It is possible that we’re beginning to see potentially important signs of unrest [among hackers],” said Ciaran Martin, former head of the National Cyber Security Centre, the British government’s cybersecurity agency.

U.S. lawmakers and officials have responded to the attacks by floating new powers for federal agencies and new cyber regulations for companies. Security experts say hackers’ recent moves could also point to new pressure by foreign governments, such as the Kremlin, which the U.S. and others say provide safe harbor to ransomware groups.

Ciaran Martin, former head of Britain’s National Cyber Security Centre. Photo: Michael Bucher/The Wall Street Journal

“If they’re quietly forcing C-suite executives to hand over large checks, that’s one thing,” said Mr. Martin, now a professor at the University of Oxford. “If they’re causing huge problems for the U.S. president and EU member states, that’s quite a different problem.”

The hack of Ireland’s Health Service Executive pushed healthcare providers to keep records by hand and cancel or delay some procedures. A top official warned of tens of millions of Euros in repairs as a result of the breach.

On Friday, Minister of Health Stephen Donnelly told public broadcaster RTÉ Radio 1 that hackers who encrypted the healthcare system’s data offered a tool to help unlock it—free of charge.

“It came as a surprise,” Mr. Donnelly said. Irish officials, who say they won’t pay a ransom per government policy, have warned that the group behind the attack also stole personal data that could be leaked in an extortion scheme.

A spokesperson for HSE didn’t immediately respond to a request for comment on the status of the decryption tool.

Some ransomware groups in the past have offered decryptors to victims such as hospitals or nonprofits, said Brett Callow, a threat analyst at the cyber firm Emsisoft Ltd.

“It’s possible that they’re concerned with the well-being of others or, more likely, it was an act of self-preservation,” Mr. Callow said. “Attacks of this scale, which are so high-profile, mean that governments really can’t be seen as ignoring this anymore.”

U.S. officials have increasingly warned of such threats to privately owned infrastructure, such as Colonial Pipeline. Executives’ decision to pay hackers $4.4 million in bitcoin, just hours after receiving a ransom note on May 7, failed to prevent a six-day shutdown of the East Coast’s largest conduit for fuel or a continuing cybersecurity cleanup job that could cost tens of millions of dollars. Energy Secretary Jennifer Granholm sought to assure the U.S. public that fuel supplies were temporarily disrupted and that there was no gasoline shortage.

A week later, the DarkSide ransomware gang behind the hack told associates who use its malware that it was disbanding because the infrastructure behind its operation had been shut down, according to a copy of the message translated from Russian by the cyber firm Intel 471 Inc.

“In view of the above and due to the pressure from the U.S., the affiliate program is closed,” the group said. “Stay safe and good luck.”

The disruption came after President Biden said the White House was in contact with the Russian government about taking action against such criminal groups.

A White House spokeswoman declined to comment on a Washington Post report that the U.S. government wasn’t behind the DarkSide takedown. The Russian embassy in Washington didn’t immediately respond to a request for comment.

As the fallout from the Colonial Pipeline hack rippled outward, some other ransomware groups have stopped openly advertising their services online, said Mark Arena, chief executive of Intel 471, which monitors forums and chat rooms to watch how hackers operate.

Instead, he said, hackers are likely communicating directly with existing associates in the hope of protecting their groups’ reputations. Cybersecurity experts and ransom negotiators say they consider ransomware gangs’ trustworthiness when deciding whether to make payments.

Mr. Arena said the recent activity shouldn’t be confused for hackers halting their communications. “It’s going to be happening more behind the scenes,” he said.

Write to David Uberti at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
