MalwareHunterTeam recently discovered a new ransomware project called DarkSide, which conducts custom attacks and demands millions of dollars in ransom payouts. A similarity in the source code indicates that the threat actors could be following in the footsteps of the GandCrab and REvil ransomware.
The new DarkSide ransomware project targets various companies and tries to gain access to the compromised network’s administrator account and domain controller.
Once the attackers are in, data is retrieved from the victim’s servers and uploaded to their own computers without being authenticated.
According to Advanced Intel’s Vitali Kremez, DarkSide terminates many files, office apps, and mail clients in order to prepare the victim’s computer for encryption.
Their ransom demands vary between $200,000 and $2,000,000. Apparently, the hackers also have a website where the victims’ names, the breach dates, and screenshots are displayed as proof.
The DarkSide Hackers’ Perspective
The DarkSide threat actors announced that they have raised millions of dollars with other established cryptologists.
They said they were looking for a new custom product to fulfill their demands and hence developed this ransomware.
The press release also states that the attackers intend to avoid targeting sectors such as health, education, public administration, and NGOs.
Connection To REvil And GandCrab
DarkSide intentionally avoids infecting victims in CIS countries. The source code for this behavior is the same as in REvil and GandCrab.
The ransom note left by DarkSide uses almost the same structure as REvil’s ransom note.
The Rise Of Ransomware
In the past few months, the number of ransomware attacks has risen significantly. On the one hand, a large number of new ransomware strains have appeared, such as VHD, Ensiko and many others, while on the other hand, almost all major law enforcement bodies, such as Interpol and the FBI, have been busy warning users of the rapid rise in ransomware-related activities.
To protect themselves from the threat of ransomware, organizations must take extreme steps, such as regular data backups, multi-factor authentication, and intrusion detection and prevention solutions.