Ransomware PR Discovers Moderation
Why is this Security meme funny?
Level 1: Bad Guys Make Rules
This is like a group of thieves saying, "We only wanted money, not trouble, so from now on we will be more careful about which houses we rob." The funny part is how serious and professional the message sounds, even though the basic activity is still wrong.
Level 2: Ransomware As A Business
Ransomware is malware that locks or encrypts a victim's files and demands payment to restore access. The word encrypt in the screenshot refers to making data unreadable without a key. Encryption is useful when used legitimately, but ransomware weaponizes it against the owner of the data.
The text also mentions partners. In ransomware-as-a-service models, one group may build the malware while affiliates break into victims and deploy it. That makes the screenshot's promise to "check each company" sound like a business process: they are saying they will review targets before allowing an attack.
The joke is that this sounds like normal platform moderation, except the platform is cybercrime. A social network might moderate posts to reduce harm. A ransomware group claiming moderation is funny in a grim way because the entire operation is already harmful.
Level 3: Extortion With Governance
The screenshot is dated 10.05.2021 and titled "About the latest news." It says, > "We are apolitical, we do not participate in geopolitics" and insists, > "Our goal is to make money, and not creating problems for society." The final line is the darkest punchline: > "From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
That date matters. May 10, 2021 sits in the immediate aftermath of the Colonial Pipeline ransomware incident, when a cybercriminal operation associated with DarkSide had suddenly created consequences far beyond one victim company. A ransomware crew presenting itself as "apolitical" after a critical-infrastructure disruption is already absurd; adding moderation makes it sound like a criminal affiliate program has discovered trust-and-safety policy the hard way.
The humor is not that ransomware has rules. Modern Ransomware is often run like a business ecosystem: malware developers, affiliates, access brokers, negotiators, leak sites, payment infrastructure, and reputation management. The screenshot's language fits that ecosystem almost too well. "Partners" want to "encrypt" companies, management now wants to review targets, and the brand needs to reduce "social consequences." Congratulations, the extortion cartel has invented vendor risk management. Somewhere there is probably a quarterly OKR for "lower accidental geopolitical blast radius."
The truly bleak part is the phrase "not creating problems for society." Ransomware by design creates problems: unavailable systems, stolen data, operational outages, legal exposure, recovery costs, and public harm when hospitals, pipelines, municipalities, or suppliers are hit. The statement tries to separate profit-seeking crime from societal damage, as if encrypting another organization's computers is a neutral invoice-delivery mechanism until the news gets loud enough.
This is why the meme belongs under Security, CriticalInfrastructureSecurity, and OperationalRisk more than ordinary malware trivia. The screenshot captures the moment cybercrime stops looking like lone hackers in hoodies and starts looking like a dysfunctional SaaS company with worse ethics, worse incident response, and somehow a moderation queue.
Description
A dark gray screenshot titled "About the latest news." is dated "10.05.2021." The body text reads: "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future." The wording matches DarkSide's May 2021 ransomware post after the Colonial Pipeline incident, turning criminal extortion into grim trust-and-safety theater.
Comments
32Comment deleted
When your ransomware affiliate program needs moderation, you have reinvented enterprise governance with worse incident response.
Is this from hackers who broke that US fuel pipeline? Comment deleted
Yes! Comment deleted
Interestingy that they seem to actually provide this encrypting/ransom thing as a service for any "parner" Comment deleted
Yeah, hacker tools sold as SaaS for long time already Comment deleted
Can someone explain this? Comment deleted
1. A hacker group encrypts systems managing Colonial Pipelines, basically affecting 45% of oil supply of the Eastern States (New York, Virginia, Florida, you name it) 2. Immediately some people start accusing Russia of the attack 3. The attacking group issues the OP (with strong accent, possibly Russian), denying all accusations of being a state-funded entity. Comment deleted
Thanks Comment deleted
Please give link. Thank u Comment deleted
Link to 1: https://www.msn.com/en-us/news/us/what-we-know-about-the-colonial-pipeline-shutdown/ar-BB1gzWpP 2: https://www.nbcnews.com/politics/national-security/russian-criminal-group-may-be-responsible-colonial-pipeline-ransomware-attack-n1266793 3: OP, see the root of this thread :) Comment deleted
Oh. So, you can actually figure out accents by reading texts? Comment deleted
This. I know both Russian and English and that tweet doesn't look like its from someone who's main language is Russian. Comment deleted
Yes it is. London is a capital of Great Britain. Comment deleted
Je ne mange pas six jours Comment deleted
We haven't eaten for 7 days! https://youtu.be/stlZEKoJg10 Comment deleted
It does, actually. The "a/the" articles usually are a dead giveaway, but they did a good job on them. What caught my eye was: - "do not need to tie us with..." - " не нужно причислять нас к" - this one's obvious, should just be "do not tie us with" or "no need to tie us witch" - "to create money ... not creating problems" - mixing up the tenses a bit. should be either "making money.. not creating" or "to make .. not to create" - "from today" - "с сегодняшнего дня" - also pretty obvious, should be "from now on" or "starting from today" - "we introduce ... and check" - check should be a subj, not a verb in this case Rate and subscribe to my linguistical analysis Comment deleted
Very good Ted talk Comment deleted
you can add crazy abundance of commas and usage of the word "geopolitics" - every time I see it lately it has Russian origins. Comment deleted
commas are essential and dissing oxford commas was a mistake! very true though, russian is hard to read without them Comment deleted
hah. There are some very common mistakes that tend to be present in the English text written by people conversing in some specific language. For instance a native English-speaker tends to swap you're and your, as they sound pretty similar and he basically speaks in his mind and writes what it sounds. A non-native never ever mistypes "your" for "you're". And from my personal experience this text above cries "RUSSIAN". Comment deleted
A non-native never ever mistypes "your" for "you're". Brrrrruuuuuuhhhh Comment deleted
Thank you for ze explanation, comrades😃😎 Comment deleted
I may be wrong here. Again, personal experiences. I think as a Russian (or Dutch, or Chinese) person thinks in their native language and translates to English, it makes no sense to say e.g. "your absolutely right here" An American person however thinks in English and writes to the inner mind's dictation, and its "it's" sounds pretty much like "its", and "your" is indistinguishable from "you're". Comment deleted
there's some slightly different pronounciation in how I pronounce it, but I'm not a native speaker. Comment deleted
Grammar is the difference between knowing your shit and knowing you're shit. (c) Internet. Comment deleted
Golden Comment deleted
😂 so u can distinguish native-russian writing in English vs native-ucrainian? And then tell if the ucrainian is working for MI-6 writing with “strong possibly russian accent” lol so much british dogshit Comment deleted
Exactly! Look at the italic now: 3. The attacking group issues the OP (with strong accent, possibly Russian), Comment deleted
This is not just about state funded What I like most: they will run due diligence on companies their clients plan to attack! To prevent! Social! Consequences! Comment deleted
And even !Biden! confirmed that DarkSide isn’t gov funded group! That’s completely crazy stuff! Comment deleted
Russian is my first Comment deleted
Idk it looks like nothing I've seen before from Russians Comment deleted