DarkSide

A new ransomware project called DarkSide began hitting companies earlier this month with targeted attacks that have already won it payouts of millions of dollars.

The new ransomware project started conducting targeted attacks against various businesses around August 10th, 2020.

In a “press release,” the attackers claim to be former hackers who had made millions of dollars working with other ransomware projects.

They decided to develop their own ransomware operation after not finding a “product” that matched their needs.

“We are a new product on the market, but that does not mean that we have no experience and we came from nowhere.
We received millions of dollars profit by partnering with other well-known cryptolockers.
We created DarkSide because we didn’t find the perfect product for us. Now we have it.”

DarkSide states that they only target companies that can pay the specified ransom as they do not “want to kill your business.”

The threat actors have also stated that they do not target the following types of organizations:

  • Medicine (hospitals, hospices).
  • Education (schools, universities).
  • Non-profit organizations.
  • Government sector.

It is too early to say whether they will honor this declaration.

DarkSide's ransom demands have ranged from $200,000 to $2,000,000. Depending on the victim, these figures could be higher or lower.

Ransom demand ranges

DarkSide steals data before encrypting victims

Like other human-operated ransomware attackers, DarkSide operators spread laterally across a network until they obtain access to an administrator account as well as the Windows domain controller.

The attackers steal unencrypted data from the victim’s servers and upload it to their own computers before the victim knows it is being attacked.

The stolen data is then posted to a data leak site under their control and used as part of the extortion attempt.

Once the data is uploaded online, the attackers list the name of the organization, the date it was breached, how much data was stolen, screenshots of the data, and the types of data stolen.

DarkSide data leak site

DarkSide claims that if a victim does not pay, all of the data will be published on their website for at least six months.

This extortion tactic is intended to intimidate a victim into paying the ransom even if they can recover from backups.

DarkSide promises that when a victim pays the ransom, the stolen data will be deleted from their leak site.