It has not been long since Colonial Pipeline, a US pipeline operator, suffered a DarkSide ransomware attack, yet the pace of cybercrime has not slowed. Recently the US software vendor Kaseya was hit by REvil ransomware, which paralyzed its systems and affected multiple managed service providers and more than a thousand of their customers. The REvil group demanded a ransom of USD 70 million, the highest ransom demand on record. Today, however, the attackers lowered the demand to USD 50 million.

Ransomware attacks have intensified, and both their scale and the ransoms demanded have grown sharply. Knowing who these groups are and what they want is crucial to defeating them.

Today, let’s take a look at the five most dangerous cybercriminal organizations.

DarkSide

DarkSide was behind the Colonial Pipeline attack in May of this year. The attack forced Colonial Pipeline to shut down its fuel distribution network in the United States, which raised fears of gasoline shortages.

The DarkSide group was first noticed in August 2020 and is believed to be based in Eastern Europe. Its targets are large companies whose operations are curtailed when their networks go down. This is a key factor: such companies are more likely to pay the ransom. They are also more likely to carry cyber insurance, which makes it easier for the criminals to collect.

DarkSide's business model is ransomware-as-a-service. In other words, the group develops and supplies the ransomware and its supporting infrastructure, while affiliates, who stay hidden behind it, carry out the actual intrusions; this arrangement also limits the exposure of any single party. The proceeds are split between the operator and the affiliate.

Groups that offer "cybercrime as a service" also run online forums to support people or groups who want to improve their cybercrime skills. These skills may include how to combine distributed denial of service (DDoS) with ransomware attacks to put extra pressure on negotiations: the ransomware stops the company from processing existing orders, and the DDoS attack stops it from taking any new ones.

REvil

REvil is the group behind the current Kaseya attack, and just last month it also attacked JBS, the world's largest meat processor.

The group was first observed in April 2019, initially spreading through Oracle WebLogic vulnerabilities, and has been particularly active in 2020 and 2021.

In April of this year, REvil stole unreleased technical data about Apple products from Quanta Computer, an Apple contract manufacturer, and demanded a USD 50 million ransom, threatening to publish the stolen data otherwise.

Clop

Clop is a financially motivated cybercrime group that came into public view in February 2019. Its main aim is to encrypt an enterprise's files and send the decryptor once the ransom is paid.

Note, however, that Clop practices "double extortion": the victim must pay an additional ransom to keep its stolen data from being published.

Clop's previous attacks suggest that organizations that have paid a ransom once are more likely to pay again in the future. As a result, the attackers tend to target the same organization repeatedly, demanding more money each time.

Figure: the ClopLeaks site listing files available for direct download.

Syrian Electronic Army

The Syrian Electronic Army is a hacker group that supports Syrian leader Bashar al-Assad. It is not a typical cybercrime group: since 2011 it has carried out cyber attacks for political propaganda. The group has used phishing to take over the accounts of well-known news outlets and spread false news.

On April 23, 2013, the Syrian Electronic Army used the Associated Press's Twitter account to post that two explosions had hit the White House and that President Obama was injured. The fake tweet briefly sent the US stock market into a sharp intraday drop, with the Dow falling more than 140 points in two minutes. The Associated Press subsequently denied the report and said its Twitter account had been hijacked.

On August 27, 2013, the Syrian Electronic Army attacked the New York Times and Twitter.

On January 1, 2014, the Syrian Electronic Army hijacked several social media accounts belonging to Skype, Microsoft's communication software, and posted mocking messages claiming that Microsoft helped the US government monitor people's private communications.

FIN7

If this list has a "super villain", it is FIN7, a Russia-based group that is arguably the most successful cybercriminal organization in history. FIN7 has been active since 2012 and operates much like a business.

The group has consistently targeted US retail, restaurant, and hospitality companies, using elaborate spear-phishing campaigns for initial infection.
Since 2015, FIN7 members are reported to have run highly sophisticated malware campaigns against more than 100 US companies.
By breaking into thousands of computer systems, they stole millions of customers' credit and debit card numbers, which were then sold for profit.

Author: 小魔
