Darkside Ransomware Analysis

Darkside ransomware is known for living off the land (LotL). In our close analysis we observed its operators scanning networks, running commands, dumping processes, and stealing credentials, largely with tooling already present on the victim hosts. Like the command and control code, these attack tools were executed on hosts that had minimal detection and blocking capabilities.
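An added example of how a detection engineer would act on the behaviour described above (scan, run commands, dump processes, steal credentials) rather than on any single tool. This is not code from the original page or from any vendor; the indicator patterns, the event field names (`host`, `user`, `cmd`) and the sample process-creation events are all constructed assumptions that describe generic living-off-the-land activity, not Darkside-specific artifacts. The point it makes is that each individual LotL command is weak evidence on its own, so the score is driven by how many distinct stages of the chain one host exhibits.

```python
"""Correlate living-off-the-land process events into a per-host attack chain.

Added illustration, not the page's or any product's code. Indicator regexes,
field names and sample events are assumptions chosen to stand in for the
generic stages named in the text: network discovery, process dumping and
credential-store access.
"""
import re
from collections import defaultdict

# One stage per behaviour the text describes. Each pattern is matched against
# the process command line. A lone match is weak evidence; the score below
# counts distinct stages seen on one host.
STAGES = {
    "network_scan": [
        re.compile(r"\bnet(?:\.exe)?\s+(?:view|group)\b", re.I),   # domain/host enumeration
        re.compile(r"\bfor\s+/L\b.*\bping\b", re.I),               # ping sweep in a cmd loop
        re.compile(r"\bnltest(?:\.exe)?\s+/dclist\b", re.I),       # domain controller listing
    ],
    "process_dump": [
        re.compile(r"\bcomsvcs\.dll\b.*\bMiniDump\b", re.I),       # rundll32 MiniDump of a PID
        re.compile(r"\bprocdump\S*\s+.*-ma\b", re.I),              # full memory dump
    ],
    "credential_access": [
        re.compile(r"\breg(?:\.exe)?\s+save\s+HKLM\\(?:SAM|SECURITY|SYSTEM)\b", re.I),
        re.compile(r"\bntdsutil\b.*\bifm\b", re.I),                # offline AD database copy
    ],
}


def classify(cmdline):
    """Return the set of stage names whose indicators match this command line."""
    return {stage for stage, pats in STAGES.items()
            if any(p.search(cmdline) for p in pats)}


def correlate(events):
    """Group events by host.

    events: iterable of dicts with keys host, user, cmd (assumed format).
    Returns {host: {"stages": sorted stage names, "score": number of stages}}
    for hosts that matched at least one stage.
    """
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev["cmd"])
    return {h: {"stages": sorted(s), "score": len(s)}
            for h, s in per_host.items() if s}


def flag_hosts(events, threshold=2):
    """Hosts showing at least `threshold` distinct stages, highest score first."""
    result = correlate(events)
    return sorted((h for h, r in result.items() if r["score"] >= threshold),
                  key=lambda h: (-result[h]["score"], h))


# Constructed sample events (not from any real incident). WS-104 walks the
# whole chain; WS-201 only enumerates the domain; WS-310 is a benign admin.
SAMPLE_EVENTS = [
    {"host": "WS-104", "user": r"CORP\jdoe",
     "cmd": r"C:\Windows\System32\net.exe view /domain"},
    {"host": "WS-104", "user": r"CORP\jdoe",
     "cmd": r"cmd.exe /c for /L %i in (1,1,254) do ping -n 1 10.0.5.%i"},
    {"host": "WS-104", "user": r"CORP\jdoe",
     "cmd": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 652 C:\Temp\l.dmp full"},
    {"host": "WS-104", "user": r"CORP\jdoe",
     "cmd": r"reg.exe save HKLM\SAM C:\Temp\sam.hiv"},
    {"host": "WS-201", "user": r"CORP\svc_backup",
     "cmd": r"C:\Windows\System32\net.exe view /domain"},
    {"host": "WS-310", "user": r"CORP\admin1",
     "cmd": r"powershell.exe -c Get-Process lsass"},
]

if __name__ == "__main__":
    chains = correlate(SAMPLE_EVENTS)
    for host in flag_hosts(SAMPLE_EVENTS):
        print(host, chains[host])
```

With the constructed input only WS-104 is flagged (three distinct stages); WS-201 matches a single stage and stays below the threshold, and WS-310 matches nothing. The threshold is the knob a practitioner tunes: on hosts with minimal telemetry, lowering it trades false positives for earlier notice that the chain the text describes is in progress.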


What is Darkside Ransomware?

Darkside ransomware first began attacking organizations around August of 2020. The Darkside criminal organization announced this via press release. It stated, "We are a new product on the market, but that does not mean that we have no experience and we came from nowhere. We received millions of dollars profit by partnering with other well-known cryptolockers. We created DarkSide because we didn't find the perfect product for us. Now we have it."


The organization behind Darkside has stated that it does not target educational, medical, non-profit, or government organizations.


Similar to other ransomware operations, Darkside exfiltrates a company's data and then encrypts it. This double extortion means the victim risks not only losing access to its data but also having private data published. Darkside ransomware was behind the 2021 cyber attack on Colonial Pipeline.

Contact us right away if you think you have been compromised by Darkside or other ransomware variants.