Earlier this month, a ransomware attack forced Colonial Pipeline, a company responsible for nearly half the fuel supply for the US East Coast, to shut down operations. The Federal Motor Carrier Safety Administration (FMCSA) declared a state of emergency in 18 states to help with the shortages. It took a week for Colonial to be able to resume full operations.
The FBI has since confirmed that DarkSide, a cybercriminal group is behind the attack. What’s novel about DarkSide is its innovative approach to cybercrime as a commercial service, and an enterprise that successfully monetises such criminal enterprises. DarkSide is actually marketing its ‘extortion services’ on the dark web, and hosts a press centre where it announces its ‘victims’.
The evolution of ransomware through actors such as DarkSide shows the potential for systemic disruption: bigger targets, more advanced extortion techniques, and knock-on consequences that go well beyond the victims. It foregrounds the need for cyber-security, and could also have wide-ranging implications for how we legislate around this, as well as around data privacy.