Conflict Alerts

Conflict Alerts # 381, 19 May 2021

Colonial Pipeline incident: The Reign of Ransomware
Jeshil Samuel J

In the news
On 14 May, the cybercrime group DarkSide (infamous for the recent Colonial Pipeline hack) announced that it would be closing down operations due to increasing pressure from the US and several law enforcement agencies. Cybersecurity firms FireEye and Intel 471 noted that the hacker group had informed its associates that it had lost access to its operations infrastructure and to the funds collected through recent attacks (Colonial & Brenntag).

On the same day, Toshiba announced in a public statement that its European subsidiaries had also become victims of a ransomware attack by DarkSide. Toshiba's spokesperson later informed media outlets that it was attacked on 4 May and the company had not paid any ransom.

On 13 May, Bloomberg reported that within hours of being attacked by ransomware on 7 May, Colonial Pipeline had paid nearly USD 5 million in Bitcoin to DarkSide, contradicting earlier statements made by the company.

Issues at large
First, the rise of ransomware attacks. Ransomware is a type of malware that encrypts data in a victim's system and requires a private key (which the hacker has) to decrypt the data. To get the private key, victims are forced to pay a ransom. In 2016 alone, the number of ransomware programs created increased by 752 per cent compared to the previous year; 2016 also marked the advent of ransomware-as-a-service, as Advanced Persistent Threats began selling ransomware via affiliate programmes. This new business model incentivized and increased ransomware attacks, making them even more lucrative and successful. The ongoing pandemic has witnessed a 150 per cent increase in ransomware attacks since many businesses had to operate remotely. Cryptocurrency tracker Chainalysis reported that the ransoms paid to cybercriminals in 2020 alone amounted to USD 370 million.

Second, the growing influence of Advanced Persistent Threats (APTs). APTs are highly sophisticated groups of cybercriminals who engage in cyberterrorism, cyberespionage, cybercrimes and hacktivism. These groups are usually state-sponsored due to their scale of operations and precise targets. Each APT has its own agenda. DarkSide, for instance, was outspoken about its apolitical nature, its goal of gaining more money, and its habit of giving a portion to charity. The rise in APT activity could also be directly tied to the pandemic. The cybersecurity measures of numerous companies could not guarantee safe and secure remote working conditions for employees. The recent trend amongst APTs is their ability to form cartels or disperse into newer groups. DarkSide, for example, is considered to be an offshoot of another prominent, persistent threat actor called REvil. This is one reason why cybersecurity experts find it hard to believe that groups like DarkSide would just shut down their operations. In reality, when APTs feel pressure from law enforcement agencies, they usually stay dormant for a while or disband the group to form another.

Third, the influence of cryptocurrency in abetting ransomware attacks. Cryptocurrencies have been the go-to form of ransomware demands and payments since 2015. Cryptocurrencies such as Bitcoin were created to form a decentralized financial system that would not require any single entity to control the transactions. The opaque transaction processes embedded within cryptocurrencies like Monero have made them a favourite of ransomware operators. Popular currencies such as Bitcoin, on the other hand, make it easier for hackers to legitimize and circulate the illegal ransom. This has been one of the main reasons why governments are critical of cryptocurrencies. Once the ransom is paid, it becomes very hard for law enforcement agencies to trace and retrieve it.

In perspective
The reign of ransomware and APTs such as DarkSide will continue as long as victims such as Colonial Pipeline are ready to pay a ransom. Law enforcement agencies have strongly advised individuals and businesses not to pay ransom to cybercriminals. But the fear of personal or confidential data being leaked or deleted pushes most victims to pay. Businesses should follow good cybersecurity practices, such as proper maintenance of system logs and multiple data backups, to minimize the impact of ransomware attacks.
