Darkside Ransomware Returns with a Vengeance

In January, cybersecurity firm Bitdefender released a free tool to help victims of the DarkSide ransomware recover their encrypted files. However, this did not deter the operators, who are back with a new set of threats and attacks.

Background


DarkSide is a Ransomware-as-a-Service (RaaS) that has been active since August 2020.
As part of its modus operandi, the group operated the ransomware through ads posted on cybercrime forums. Eventually, it used a well-established RaaS model to partner with other cybercrime groups.
The primary targets of the ransomware include companies in the professional services and manufacturing sectors.

Did the release of the decryptor lead to a DarkSide shutdown?


No, it didn’t seem so. In March, threat intelligence experts warned of a new version of the ransomware that featured a faster encryption process, VoIP calling, and modules to target virtual machines.
Moreover, DarkSide 2.0 featured multithreading capabilities in both Windows and Linux versions. While the Windows version encrypted files faster than any other RaaS model, the Linux version targeted VMware ESXi vulnerabilities to hijack virtual machines and encrypt their virtual hard drives.
Furthermore, the ransomware variant has also been designed to target NAS devices, including Synology and OMV.

What other changes did the gang implement?


Not content with its victim-pressuring tactics, the DarkSide gang forged ahead with DarkSide Leaks to increase the chance of receiving ransom payments.
According to a report from Kaspersky, the gang leverages the media and engages with journalists to give updates on upcoming leaks.
Apart from the ransom demand made against the decryption key, the gang persuades reluctant victims to pay the ra ..
