DarkSide: Newly Found Variant and Implications for the Ransomware Gang's Future


DarkSide ‒ the name given to both the gang and the ransomware it operated ‒ announced on May 13, 2021 that it would immediately cease operation of the DarkSide Ransomware-as-a-Service (RaaS) program. Three days later, researchers published an analysis of a newly found DarkSide variant containing a new function. The variant was found before the program closure, which raises two questions: is the new variant a threat, and what should we make of the DarkSide shutdown?


The answers to these questions are liberally strewn with possibly, probably and maybe.


The DarkSide RaaS operation


DarkSide operated a complex RaaS program. Matt Lock, the UK technical director at Varonis, explains that sometimes their affiliates would take the ransomware and control the entire attack; sometimes the affiliate would provide the access and DarkSide would effect the attack; sometimes it would be the reverse; and for really ‘juicy’ targets, DarkSide might do everything itself. The proceeds from any successful extortion would be divided between DarkSide and the affiliate concerned.


For this reason, even though it is easy to recognize a DarkSide attack, it is often difficult to know exactly who is conducting the attack. FireEye believes it has identified at least five affiliate groups.


Through the course of its operations, DarkSide and its affiliates have raked in an estimated $90 million (calculated at the time of analysis) in Bitcoin, according to blockchain analytics firm Elliptic.


Each use of the malware would be tailored for each individual attack, even down to having different ..
