Skip to content
DevMeme
2779 of 7435
Ransomware PR Discovers Moderation
Security Post #3071, on May 10, 2021 in TG

Ransomware PR Discovers Moderation

Why is this Security meme funny?

Level 1: Bad Guys Make Rules

This is like a group of thieves saying, "We only wanted money, not trouble, so from now on we will be more careful about which houses we rob." The funny part is how serious and professional the message sounds, even though the basic activity is still wrong.

Level 2: Ransomware As A Business

Ransomware is malware that locks or encrypts a victim's files and demands payment to restore access. The word encrypt in the screenshot refers to making data unreadable without a key. Encryption is useful when used legitimately, but ransomware weaponizes it against the owner of the data.

The text also mentions partners. In ransomware-as-a-service models, one group may build the malware while affiliates break into victims and deploy it. That makes the screenshot's promise to "check each company" sound like a business process: they are saying they will review targets before allowing an attack.

The joke is that this sounds like normal platform moderation, except the platform is cybercrime. A social network might moderate posts to reduce harm. A ransomware group claiming moderation is funny in a grim way because the entire operation is already harmful.

Level 3: Extortion With Governance

The screenshot is dated 10.05.2021 and titled "About the latest news." It says, > "We are apolitical, we do not participate in geopolitics" and insists, > "Our goal is to make money, and not creating problems for society." The final line is the darkest punchline: > "From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

That date matters. May 10, 2021 sits in the immediate aftermath of the Colonial Pipeline ransomware incident, when a cybercriminal operation associated with DarkSide had suddenly created consequences far beyond one victim company. A ransomware crew presenting itself as "apolitical" after a critical-infrastructure disruption is already absurd; adding moderation makes it sound like a criminal affiliate program has discovered trust-and-safety policy the hard way.

The humor is not that ransomware has rules. Modern Ransomware is often run like a business ecosystem: malware developers, affiliates, access brokers, negotiators, leak sites, payment infrastructure, and reputation management. The screenshot's language fits that ecosystem almost too well. "Partners" want to "encrypt" companies, management now wants to review targets, and the brand needs to reduce "social consequences." Congratulations, the extortion cartel has invented vendor risk management. Somewhere there is probably a quarterly OKR for "lower accidental geopolitical blast radius."

The truly bleak part is the phrase "not creating problems for society." Ransomware by design creates problems: unavailable systems, stolen data, operational outages, legal exposure, recovery costs, and public harm when hospitals, pipelines, municipalities, or suppliers are hit. The statement tries to separate profit-seeking crime from societal damage, as if encrypting another organization's computers is a neutral invoice-delivery mechanism until the news gets loud enough.

This is why the meme belongs under Security, CriticalInfrastructureSecurity, and OperationalRisk more than ordinary malware trivia. The screenshot captures the moment cybercrime stops looking like lone hackers in hoodies and starts looking like a dysfunctional SaaS company with worse ethics, worse incident response, and somehow a moderation queue.

Description

A dark gray screenshot titled "About the latest news." is dated "10.05.2021." The body text reads: "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future." The wording matches DarkSide's May 2021 ransomware post after the Colonial Pipeline incident, turning criminal extortion into grim trust-and-safety theater.

Comments

32
Anonymous ★ Top Pick When your ransomware affiliate program needs moderation, you have reinvented enterprise governance with worse incident response.
  1. Anonymous ★ Top Pick

    When your ransomware affiliate program needs moderation, you have reinvented enterprise governance with worse incident response.

  2. @Agent1378 5y

    Is this from hackers who broke that US fuel pipeline?

    1. dev_meme 5y

      Yes!

  3. @Agent1378 5y

    Interestingy that they seem to actually provide this encrypting/ransom thing as a service for any "parner"

    1. dev_meme 5y

      Yeah, hacker tools sold as SaaS for long time already

  4. @waifu_anton 5y

    Can someone explain this?

    1. @kitbot256 5y

      1. A hacker group encrypts systems managing Colonial Pipelines, basically affecting 45% of oil supply of the Eastern States (New York, Virginia, Florida, you name it) 2. Immediately some people start accusing Russia of the attack 3. The attacking group issues the OP (with strong accent, possibly Russian), denying all accusations of being a state-funded entity.

      1. @waifu_anton 5y

        Thanks

      2. @Agent1378 5y

        Please give link. Thank u

        1. @kitbot256 5y

          Link to 1: https://www.msn.com/en-us/news/us/what-we-know-about-the-colonial-pipeline-shutdown/ar-BB1gzWpP 2: https://www.nbcnews.com/politics/national-security/russian-criminal-group-may-be-responsible-colonial-pipeline-ransomware-attack-n1266793 3: OP, see the root of this thread :)

          1. @Agent1378 5y

            Oh. So, you can actually figure out accents by reading texts?

            1. @YaroST12 5y

              This. I know both Russian and English and that tweet doesn't look like its from someone who's main language is Russian.

              1. @Agent1378 5y

                Yes it is. London is a capital of Great Britain.

                1. @p4vook 5y

                  Je ne mange pas six jours

                  1. @Agent1378 5y

                    We haven't eaten for 7 days! https://youtu.be/stlZEKoJg10

              2. @pixelsex 5y

                It does, actually. The "a/the" articles usually are a dead giveaway, but they did a good job on them. What caught my eye was: - "do not need to tie us with..." - " не нужно причислять нас к" - this one's obvious, should just be "do not tie us with" or "no need to tie us witch" - "to create money ... not creating problems" - mixing up the tenses a bit. should be either "making money.. not creating" or "to make .. not to create" - "from today" - "с сегодняшнего дня" - also pretty obvious, should be "from now on" or "starting from today" - "we introduce ... and check" - check should be a subj, not a verb in this case Rate and subscribe to my linguistical analysis

                1. @YaroST12 5y

                  Very good Ted talk

                2. @kitbot256 5y

                  you can add crazy abundance of commas and usage of the word "geopolitics" - every time I see it lately it has Russian origins.

                  1. @pixelsex 5y

                    commas are essential and dissing oxford commas was a mistake! very true though, russian is hard to read without them

            2. @kitbot256 5y

              hah. There are some very common mistakes that tend to be present in the English text written by people conversing in some specific language. For instance a native English-speaker tends to swap you're and your, as they sound pretty similar and he basically speaks in his mind and writes what it sounds. A non-native never ever mistypes "your" for "you're". And from my personal experience this text above cries "RUSSIAN".

              1. @YaroST12 5y

                A non-native never ever mistypes "your" for "you're". Brrrrruuuuuuhhhh

                1. @Agent1378 5y

                  Thank you for ze explanation, comrades😃😎

                2. @kitbot256 5y

                  I may be wrong here. Again, personal experiences. I think as a Russian (or Dutch, or Chinese) person thinks in their native language and translates to English, it makes no sense to say e.g. "your absolutely right here" An American person however thinks in English and writes to the inner mind's dictation, and its "it's" sounds pretty much like "its", and "your" is indistinguishable from "you're".

                  1. @RiedleroD 5y

                    there's some slightly different pronounciation in how I pronounce it, but I'm not a native speaker.

              2. @cfyzium 5y

                Grammar is the difference between knowing your shit and knowing you're shit. (c) Internet.

                1. @kitbot256 5y

                  Golden

              3. @anatoli26 5y

                😂 so u can distinguish native-russian writing in English vs native-ucrainian? And then tell if the ucrainian is working for MI-6 writing with “strong possibly russian accent” lol so much british dogshit

                1. @kitbot256 5y

                  Exactly! Look at the italic now: 3. The attacking group issues the OP (with strong accent, possibly Russian),

      3. dev_meme 5y

        This is not just about state funded What I like most: they will run due diligence on companies their clients plan to attack! To prevent! Social! Consequences!

  5. dev_meme 5y

    And even !Biden! confirmed that DarkSide isn’t gov funded group! That’s completely crazy stuff!

  6. @YaroST12 5y

    Russian is my first

  7. @YaroST12 5y

    Idk it looks like nothing I've seen before from Russians

Use J and K for navigation