DarkSide ransomware is the malware that disrupted the Colonial Pipeline, creating a massive gasoline outage throughout the eastern USA, with about a 50% reduction in availability. CISA and the FBI have shared an awareness advisory and best practices to prevent similar occurrences within our national infrastructure and service firms.

Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware | CISA

DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks | CISA

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company.

Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These groups then threaten to expose data if the victim does not pay the ransom. Groups leveraging DarkSide have recently been targeting organizations across various CI sectors including manufacturing, legal, insurance, healthcare, and energy.

Prevention is the most effective defense against ransomware. It is critical to follow best practices to protect against ransomware attacks, which can be devastating to an individual or organization and from which recovery may be a difficult process. In addition to the Joint CSA, CISA and FBI urge CI asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture:

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.

Resources