In the wake of the devastating Colonial Pipeline cyberattack causing massive fuel shortages in parts of the U.S., DarkSide, the Russia-based ransomware gang behind the attack, has gone so far as to issue a press release stating that their organization is "apolitical."
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment [sic] and look for other our motives," the group said in its statement.
Then after proclaiming it’s just about the money, they toss in a measure of ostensible goodwill, adding, "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
But the PR campaign appears to be little more than a weak attempt at spin by a criminal organization.
"What we are seeing is a criminal industry that normally enjoys being in the media spotlight, suddenly realizing that they made a big mistake," Lawrence Abrams, who runs the cybersecurity news site BleepingComputer, told FOX Business.
"The series of events playing out right now are hurting [DarkSide’s] business," Ekram Ahmed, a spokesperson for cybersecurity firm Check Point, said. "And so it appears they’ve issued a generic statement in a futile attempt to defuse the situation."
And the gang has reportedly even given money to charities, including Children International and The Water Project.
DarkSide is run as a business that the cybersecurity community dubs "Ransomware-as-a-service" or RaaS. Despite its criminal implications, the term mimics other legitimate business models such as SaaS or software-as-a-service.
DarkSide is essentially two groups of people. One group is the operators and developers of the ransomware, while the other is affiliates that do the hacking and deploy the ransomware, according to BleepingComputer.
"RaaS operations are typically free-for-alls where affiliates can attack whoever they want, and the core operators simply develop the ransomware, handle negotiations and accept ransom payments," Abrams wrote.
The DarkSide ransomware strain made its debut in the summer of 2020. And recently made an announcement of DarkSide 2.0, according to InfoSecurity Magazine.
"They claim that the Windows version of Darkside 2.0 encrypts files faster than any other ransomware-as-a-service (RaaS) and is twice as speedy as the previous iteration," the magazine reported.
And like other ransomware variants, DarkSide engages in double extortion. That typically means the criminals not only demand ransom on the encrypted data but will then threaten to make it public if a separate ransom demand is not paid, according to Krebs on Security.