DarkSide

Description

(Varonis) The Darkside ransomware attack campaigns stood out for their use of stealthy techniques, especially in the early stages. The group performed careful reconnaissance and took steps to ensure that their attack tools and techniques would evade detection on monitored devices and endpoints.

While their initial entry vectors vary, their techniques are more standardized once inside, and their endgame is coldly efficient.

Names

Name
DarkSide

Category

Malware

Type

• Ransomware
• Big Game Hunting

Information

• https://www.varonis.com/blog/darkside-ransomware/
• https://www.acronis.com/en-us/articles/darkside-ransomware/
• https://www.kaspersky.com/blog/darkside-ransomware-industry/39377/
• https://exchange.xforce.ibmcloud.com/threats/guid:9fd2b1d398e4934699376051b74fc304
• https://blog.avast.com/ransomware-as-a-service-avast
• https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/
• https://us-cert.cisa.gov/ncas/alerts/aa21-131a
• https://www.flashpoint-intel.com/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/
• https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
• https://blog.malwarebytes.com/ransomware/2021/05/threat-spotlight-darkside-the-ransomware-used-in-the-colonial-pipeline-attack/
• https://unit42.paloaltonetworks.com/darkside-ransomware/
• https://www.csoonline.com/article/3618688/darkside-ransomware-explained-how-it-works-and-who-is-behind-it.html
• https://cofense.com/blog/darkside-ransomware-operations/
• https://geminiadvisory.io/who-is-darkside/
• https://www.fortinet.com/blog/threat-research/newly-discovered-function-in-darkside-ransomware-variant-targets-disk-partitions
• https://us-cert.cisa.gov/ncas/current-activity/2021/05/19/update-cisa-fbi-joint-cybersecurity-advisory-darkside-ransomware
• https://www.riskiq.com/blog/external-threat-management/darkside-affiliates/
• https://www.bleepingcomputer.com/news/security/darkside-affiliates-claim-gangs-bitcoin-deposit-on-hacker-forum/
• https://www.deepinstinct.com/2021/06/04/the-ransomware-conundrum-a-look-into-darkside/
• https://cybergeeks.tech/a-step-by-step-analysis-of-a-new-version-of-darkside-ransomware/
• https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html
• https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version
• https://us-cert.cisa.gov/ncas/analysis-reports/ar21-189a
• https://asec.ahnlab.com/en/47174/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:darkside

Playbook

• https://pan-unit42.github.io/playbook_viewer/?pb=darkside-ransomware
• https://www.nomoreransom.org/uploads/DarkSide%20RANSOMWARE%20DECRYPTION%20TOOL.pdf

Other Information

Uuid

f1c9260c-3f22-42ce-a6fc-eed1a89e5c64

Last Card Change

2023-02-17