DarkSide decryptor unlocks systems without ransom payment – for now | SC Media

DarkSide decryptor unlocks systems without ransom payment – for now | SC Media

Antivirus company BitDefender has released a decryptor for victims of the DarkSide ransomware gang.


The decryptor was publicly posted on the BitDefender website Jan. 11 and is available for download to all. It can be used by current victims to unlock their systems and data without having to pay a ransom. According to a short blog included with the release, the tool automatically scans and searches for file extensions associated with the encrypted files and decrypts them.


In response to a follow-up inquiry from SC Media, BitDefender said the decryptor works on all DarkSide infections. Relatively new on the scene, (the group first emerged in August 2020), DarkSide operators are among a host of groups that have emerged over the past year vying for dominance in the ransomware market.


“After the demise of GandCrab, players in the ransomware space have been fighting for supremacy and affiliates,” said BitDefender Threat Research Director Bogdan Botezatu in an emailed statement. “DarkSide is one such competitor, and although it is relatively new, it has already successfully managed to infect multiple targets and stay relevant.”


The group operates as ransomware-as-a-service, selling or leasing customized versions of their malware to other partners to use in their own attacks. According to Digital Shadows, the group uses “a highly targeted approach” to selecting victims, carefully crafts custom code for each target and uses sophisticated, almost corporate-like methods of communication during attacks.


Just how much the release of the decryptor ends up setting back DarkSide operations is not clear. Its utility would be most relevant for current victims and those who previously declined to pay the r ..