In 2020, from the shadows of the “Dark Web,” a new ransomware operation named DarkSide was born. This outfit began attacking organizations in mid-summer 2020 with custom attacks that netted million-dollar payouts. The group that would eventually be responsible for one of the most notable attacks in history, the Colonial Pipeline attack, started its reign of terror with highly targeted breaches that focused on big game and big money. The fear of data loss early on even led several victims to pay the $1 million demanded.
In a trend that they helped innovate, DarkSide sent out a press release to announce their existence. The press release, which was distributed to a Dark Web site and dated August 10th of 2020, says…
“We are a new product on the market, but that does not mean we have no experience, and we came from nowhere.”
DarkSide hackers claim to have already made “millions of dollars” from partnerships with other ransomware gangs. Still, they say they created DarkSide because their hunt for the perfect cryptolocker attack tool failed to turn up ideal code.
DarkSide only targets companies that can pay big, and says it does not “want to kill your business.”
The DarkSide press release says the group analyzes financial records to determine how much of a ransom can be paid by victims. DarkSide also says that they will not target hospitals, hospices, schools, universities, non-profit organizations, or government agencies.
In the past, the DoppelPaymer and Maze ransomware groups have made similar promises, relating at least to the health sector, starting with the COVID-19 pandemic.
Mitigating Against the Potential Threat from DarkSide
Reducing the risk of data loss is key against DarkSide. This entails going back to the security basics and doing more than just making data backups. Companies need to lower their risk of cyber attacks, close the window of vulnerabilities to minimize their attack surface, and make security a real priority.
So make sure to keep everything patched and up to date, employ strong authentication wherever you can, and instruct all employees to be aware of potential threats that may allow ransomware attackers onto your network. Also, make sure to safeguard your digital footprint to make things harder for cybercriminals.