The US Puts a $10M Bounty on DarkSide Ransomware Hackers

Plus: a “Trojan Source” bug, Russian hackers exposed, and more of the week’s top security news.

On Friday, the radical transparency group DDoSecrets released hundreds of hours of police helicopter surveillance footage. It’s unclear who originally obtained the data, or what that person’s motivations were, but the trove shows how extensive law enforcement’s eye-in-the-sky has become, and how high-fidelity its cameras are. Privacy advocates also say the incident underscores that authorities don’t do nearly enough to protect sensitive data and have retention policies that are far too lax. 

In other aerial news: For the first time, intelligence officials say, a consumer drone likely attempted to disrupt the US power grid. The July 2020 incident took place at a power substation in Pennsylvania; a DJI Mavic 2 quadcopter outfitted with nylon ropes and copper wire seemed determined to cause a short circuit, but it crash-landed on a nearby roof before it reached its apparent target. Security experts have warned about this possibility for years, and say that regulatory bodies haven’t moved quickly enough to mitigate the threat.

This week saw China’s new data privacy law go into effect, and the ramifications have already begun to play out. Yahoo! exited the country, citing an “increasingly challenging business and legal environment.” And while the regulations are some of the strictest in the world, the fact that the Chinese government has tied them to national security interests—and continues to give itself extraordinary access to its citizens’ data—may inspire other countries to take a similarly aggressive posture. 

Cryptocurrency scammers used the popularity of the Netflix hit Squid Game to gin up interest, then pulled the rug on investors to the tune of over $3 million. The White House Market dark web bazaar shuttered earlier this month, but it raised the bar for security measures during its brief reign. And if you’ve got iCloud+, here’s how to take advantage of all of the new security measures you can now access.

Finally, make sure you set aside a few minutes this weekend to dive into this tale of how a group of fed-up parents built their own open source version of their school system’s app—only to have the city call the cops on them.

And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.

The DarkSide ransomware gang spent a year or so as one of the most prolific groups in a very crowded field of criminal hackers, culminating in an attack on the Colonial Pipeline that caused a temporary gas shortage along the East Coast. They went dark not long after that, presumably because of all the attention, but likely reemerged as a group that called themselves BlackMatter not long after. Now, the US State Department has offered a reward of up to $10 million for anyone who has information that will help them identify or locate DarkSide leadership, as well as up to $5 million for tips that lead to the arrest or conviction of DarkSide affiliates. There’s no easy answer for ransomware, but putting pressure on its most high-profile perpetrators is at least a start.

Another way to deal with hackers? Dox them! That’s the approach Ukraine took this week, outing several members of Russia’s Gamaredon hacking group and linking them to the country’s FSB intelligence service. In addition to sharing the hackers’ names, Ukrainian authorities released audio of telephone calls in which they discuss their attacks and complain about their salaries. The Ukrainian Security Service says that Gamaredon has carried out more than 5,000 cyberattacks against 1,500 government targets since 2013.

A busy week for government enforcement! The US this week added four cybersecurity-related firms to its Entity List, which indicates that they were involved in “activities contrary to the national security or foreign policy interests of the United States.” The NSO Group is the most recognizable name; the spyware company’s Pegasus malware has been allegedly used to target journalists, dissidents, and human rights activists around the world. The Israeli company Candiru was accused of the same. Russian cybersecurity firm Positive Technologies found itself on the list as well; it had previously been sanctioned for supporting its homeland’s intelligence services, a charge also leveled against Singapore-based Computer Security Initiative Consultancy PTE.

Cambridge researchers this week revealed a flaw in a Unicode component that affects most code compilers, which in practice means that it has implications for, well, pretty much all code. The immediate concern is that the bug could be used in a supply chain attack, slipping vulnerabilities into the sort of foundational code that powers a large number of programs. Some organizations have already pushed patches, but we all know how that goes.
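As an added illustration, not code from the article or from the Cambridge researchers: the Trojan Source disclosure concerns Unicode bidirectional control characters, which can make source text render in an editor differently from the order in which a compiler reads it. The simplest defensive check is therefore to flag any such characters before a file is accepted into a code base. The code-point list is taken from the public disclosure rather than from this article, and the two sample inputs are constructed here.

```python
"""Flag Unicode bidirectional control characters in source text.

Added example for a code-review or CI gate; not part of the original article.
"""
import re

# Bidi control code points named in the public Trojan Source write-up
# (assumption: this list is from that disclosure, not from the article).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
BIDI_RE = re.compile("[" + "".join(BIDI_CONTROLS) + "]")


def find_bidi_controls(source: str):
    """Return (line_no, col, name) for every bidi control in `source`.

    Line and column are 1-based so they can be pasted into review comments.
    """
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in BIDI_RE.finditer(line):
            hits.append((line_no, match.start() + 1, BIDI_CONTROLS[match.group()]))
    return hits


def render_visible(line: str) -> str:
    """Replace each invisible bidi control with a visible <NAME> token."""
    return BIDI_RE.sub(lambda m: f"<{BIDI_CONTROLS[m.group()]}>", line)


def scan_report(source: str):
    """Human-readable findings, one string per hit; empty list means clean."""
    lines = source.splitlines()
    return [
        f"line {n} col {c}: {name}: {render_visible(lines[n - 1])}"
        for n, c, name in find_bidi_controls(source)
    ]


# Constructed samples: one clean file and one carrying a stray RLO in a comment.
CLEAN_SAMPLE = "def is_admin(role):\n    return role == 'admin'\n"
TAINTED_SAMPLE = (
    "def is_admin(role):\n"
    "    # trusted roles \u202e only\n"
    "    return role == 'admin'\n"
)

if __name__ == "__main__":
    for finding in scan_report(TAINTED_SAMPLE):
        print(finding)
    # A CI job would fail the build when find_bidi_controls() is non-empty.
```

In a pre-commit hook or CI step the exit status would follow `find_bidi_controls()`: any hit blocks the merge, and the `render_visible` output shows reviewers exactly where the hidden character sits, which a normal diff view would not.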

