What is the DarkSide ransomware? And how it works

DarkSide is a ransomware threat that has been in operation since at least August 2020 and was used in a cyberattack against Georgia-based Colonial Pipeline, leading to a major fuel supply disruption along the East Coast of the US. The malware is offered as a service to different cybercriminals through an affiliate program and, like other prolific ransomware threats, employs double extortion that combines file encryption with data theft and is deployed on compromised networks using manual hacking techniques.

In a recent report, researchers from threat intelligence firm Flashpoint said they believe “that the threat actors behind DarkSide ransomware are of Russian origin and are likely former affiliates of the REvil RaaS [ransomware-as-a-service] group.”

A PR savvy group that claims moral principles

Researchers believe that the DarkSide creators initially ran all their targeted attack campaigns themselves, but after a few months they started making their ransomware available to other groups and marketed it on Russian-language underground forums. In their launch announcement they claimed to have already made millions of dollars in profits by partnering with other well-known cryptolockers (ransomware programs) in the past.

The group encourages news reporters to register on its website to receive advance information about breaches and non-public information and promises fast 24-hour replies to any media questions. They also invited data decryption companies to partner with them to help victims that don’t have large IT departments decrypt their data after they pay.

The group also claims that it doesn’t attack medical facilities, COVID vaccine research and distribution companies, funeral services, non-profit organizations, educational institutions, or government organizations because of its “principles.”

Following the attack on Colonial Pipeline, the group issued a statement saying that going forward it will review victims that its affiliates compromised and whose data they intend to encrypt:

Copyright © 2021 IDG Communications, Inc.
