Robin Hood hackers: hackers turn social justice warriors

DarkSide, a cybercriminal hacking group, believed to be behind the recent cyberattack on Colonial Pipeline, have apologised. In response to the cyberattack, America's largest fuel pipeline was shut down for five days, causing a fuel shortage and impacting millions of Americans.

This hack is being considered the largest cyberattack on national infrastructure in history. However, attacks of this kind are not new - we saw a hacker gain access to Florida's water system in February, and hackers switch off Ukrainian power stations in 2015 and 2016.

What perhaps is surprising is DarkSide's response to public outcry - an apologetic statement and a promise to "introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future". In October last year, DarkSide also claimed to have donated thousands of pounds - extorted from various companies - to Children International and The Water Project.

Social media have deemed DarkSide 'Robin Hood hackers' - stealing from rich companies to give to the needy - with some suggestion that the vigilantism is justifiable. Companies already face a difficult decision on whether they should pay in response to ransomware threats; but if public support continues to grow, companies may find themselves unduly pressured into making public payments to so-called Robin Hood hackers.

So, if your company is hacked by a so-called social justice hacker, should you pay out? The potential impact on reputation must be carefully considered when deciding on a response. But we have seen little evidence of successful ransomware pay-outs. In fact, hackers often continue to extort the company after the initial payment and frequently still post the data online when the payments stop. We also predict that ransomware pay-outs will become illegal in many jurisdictions in the near future, with notable pressure from public bodies in the UK, France and America to outlaw these payments. See our Data Breach Framework or get in contact to discuss your options.