What is DarkSide ransomware?
DarkSide is a relatively new ransomware group, having first appeared on Russian-language hacking forums in August 2020. They have positioned themselves as a new type of ransomware-as-a-service (RaaS) business, attempting to inculcate “trust” and a sense of reliability between themselves and their victims.
DarkSide offers its RaaS to affiliates for a percentage of the profits. The group is a prime example of modern ransomware, operating with a more advanced business model. Modern ransomware identifies high-value targets and involves more precise monetization of compromised assets (double extortion is one example). Modern ransomware attacks are also typically carried out by several groups who collaborate and split the profits. These attacks may look more like advanced persistent threat (APT) attacks than traditional ransomware events.
What happened to the Colonial Pipeline?
In an apparent response to—though not an admission of involvement in—the attack, DarkSide released a statement on their website stating that they would introduce “moderation” to “avoid social consequences in the future.”

What organisations should do to defend against DarkSide?
In those situations, there is no guarantee that they will get their data/systems restored by the attackers, that there won’t be data corruption, that their stolen information will be deleted from the attackers’ servers or that those responsible won’t follow up with another attack and ransom demand in the future.
Organisations need to detect the attack at the earliest stages and block the threat outright. That’s why prevention is the key to defending against ransomware like DarkSide. This takes a future-ready, multi-layered, operation-centric approach where Indicators of Behavior (IOBs) are leveraged to detect earlier and remediate faster than attackers can adapt their tactics.
Talk to us to learn more and see how we protect our customers against attacks like DarkSide.


