“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
The attack is the latest in a recent rush of unrelated ransomware attacks across the country. A different group recently broke into Washington, D.C.’s Metropolitan Police Department and began leaking extremely detailed and personal files on officers. A third stole files from a major Apple supplier based in Taiwan and released previously private specs for Apple products.
Many Russian cybergangs work as independent operations, though they are sometimes recruited to work for Russian intelligence — and they generally avoid attacking targets in Russia.
Brett Callow, an analyst at the cybersecurity company Emsisoft who tracks ransomware, said there were signs in DarkSide’s malicious software that it was meant to hit targets outside Russia and eastern Europe. He noted that the software is coded to not work against computers where Russian or one of several other eastern European languages are set as the default.
“DarkSide doesn’t eat in Russia,” Callow said. “It checks the language used by the system and, if it’s Russian, it quits without encrypting.”