
MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.
Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.
Woris thought this last ploy was a particularly nice touch.
“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”
released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.
Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.