DarkSide ransomware arrived on the hacking scene with a mild-tempered yet sinister press release in August 2020. In it, the DarkSide ransomware group specified that they were only interested in attacking for-profit organizations capable of paying the ransom without cratering their business, and promised never to hit medical or educational institutions. How polite of them!
The DarkSide ransomware group further made their voice heard by attacking businesses like Toshiba Tec Corp. and Brenntag. But the straw that broke the camel’s back came in May 2021 when they attacked the Colonial Pipeline Company, which operates the Colonial Pipeline, the system that carries roughly 45% of the fuel consumed on the US East Coast. The company shut down its pipeline operations for five days while it contained the intrusion, which drew the attention of the FBI. Investigators later recovered about $2.3 million in cryptocurrency from the ransom that had been paid, and the group announced it was shutting down shortly afterward.
But cybersecurity experts argue that their dissolution may be a ruse—meaning you and your company may still be at risk when it comes to DarkSide ransomware. Read on to discover more about this harmful ransomware, and learn how you and your company can stay protected from it.
DarkSide ransomware encrypts and steals sensitive data, typically from large companies with the means to pay the requested ransom. The attackers then threaten to make the stolen data publicly available in the event their stated ransom is not paid in full.
But what makes the DarkSide ransomware group such a threat is that they employ a double extortion approach to extract money from DarkSide ransomware victims. The ransom buys two things at once: the decryption key for the locked devices, and a promise not to publish the data that was stolen before encryption. A victim with good offline backups can recover its files without paying, but it is still exposed to the leak threat, which is exactly the point of stealing the data first.
To gain a foothold in a company’s network, the group used techniques such as phishing, abuse of exposed remote desktop protocol (RDP) services, and brute-force attacks on credentials. The group was also reported to exploit CVE-2019-5544 and CVE-2020-3992, two vulnerabilities in the OpenSLP service of VMware ESXi, to reach virtualization hosts directly. Both have been patched by VMware; if you cannot patch, disabling the SLP service on ESXi hosts removes the exposed surface.
Once in, the ransomware checks the infected machine’s default system language (it exits on systems configured for Russian and other Commonwealth of Independent States locales) and reads the hostname. If the infected user has administrative privileges on the device, it’s down to business; if not, the ransomware attempts to obtain them with a user account control (UAC) bypass technique. Before encrypting, it stops backup and security services that could block the process or hold files open, and it deletes volume shadow copies, typically through vssadmin or a Windows Management Instrumentation (WMI) call, so that the user cannot roll encrypted files back to earlier copies. Data is exfiltrated to the attackers’ infrastructure, and the local files are then encrypted.
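The shadow-copy deletion and recovery-disabling step above is one of the most reliable places to catch ransomware before encryption finishes, because those commands are rare in normal administration. The following detection logic is an added example, not code from the original article or from any vendor: it scans constructed process-creation log lines (the pipe-separated timestamp, host, user, command-line layout is an assumption, not a real product’s export format) for commands that inhibit system recovery, and it decodes PowerShell `-EncodedCommand` payloads first so that a base64-wrapped WMI shadow-copy deletion is not missed.

```python
"""Flag process-creation events that inhibit system recovery (shadow-copy
deletion, backup-catalog wiping, disabling the recovery environment).

Added example, not part of the original article. Log lines are constructed
for illustration; the record layout timestamp|host|user|command_line is an
assumption, not any real product's export format.
"""
import base64
import binascii
import re

# Commands attackers run so victims cannot roll back encrypted files.
# Case-insensitive and whitespace-tolerant, since casing and quoting vary.
RECOVERY_INHIBIT_PATTERNS = [
    ("vssadmin_delete_shadows",
     re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin_resize_storage",
     re.compile(r"vssadmin(?:\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("powershell_win32_shadowcopy_delete",
     re.compile(r"win32_shadowcopy.*?\.delete\(\)", re.I | re.S)),
    ("wbadmin_delete_catalog",
     re.compile(r"wbadmin(?:\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"bcdedit(?:\.exe)?.*?(?:recoveryenabled\s+no"
                r"|bootstatuspolicy\s+ignoreallfailures)", re.I)),
]

# PowerShell accepts -e, -ec, -enc, -EncodedCommand (any unambiguous prefix);
# the payload is base64 of the script encoded as UTF-16LE.
ENCODED_ARG = re.compile(r"(?<!\S)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]+)", re.I)


def encode_powershell(script: str) -> str:
    """Base64 of the script as UTF-16LE, the form -EncodedCommand expects.
    Used here only to build the constructed sample log line."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_commands(command_line: str) -> str:
    """Return the command line with any -EncodedCommand payload decoded and
    appended, so the patterns above can see through that obfuscation layer."""
    decoded = []
    for match in ENCODED_ARG.finditer(command_line):
        try:
            raw = base64.b64decode(match.group(1))
        except (binascii.Error, ValueError):
            continue  # not valid base64: leave the command line as-is
        decoded.append(raw.decode("utf-16-le", errors="ignore"))
    return command_line + " " + " ".join(decoded) if decoded else command_line


def parse_line(line: str) -> dict:
    """Split one constructed record; the command line keeps any '|' it contains."""
    timestamp, host, user, command_line = line.split("|", 3)
    return {"timestamp": timestamp, "host": host, "user": user,
            "command_line": command_line}


def analyze(lines) -> list:
    """Return one alert per event that matches any recovery-inhibit pattern,
    listing every rule that fired (ATT&CK T1490, Inhibit System Recovery)."""
    alerts = []
    for line in lines:
        record = parse_line(line)
        visible = decode_encoded_commands(record["command_line"])
        rules = [name for name, pattern in RECOVERY_INHIBIT_PATTERNS
                 if pattern.search(visible)]
        if rules:
            alerts.append({**record, "rules": rules, "technique": "T1490"})
    return alerts


# Constructed sample log: four recovery-inhibiting commands on fs01 (one of
# them base64-wrapped), and two benign events on ws22 that must not fire.
SAMPLE_LOG = [
    "2021-05-07T03:12:44Z|fs01|CORP\\svc_backup|vssadmin.exe delete shadows /all /quiet",
    "2021-05-07T03:12:45Z|fs01|CORP\\svc_backup|wmic.exe shadowcopy delete",
    "2021-05-07T03:12:46Z|fs01|CORP\\svc_backup|powershell.exe -nop -w hidden -enc "
    + encode_powershell("Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"),
    "2021-05-07T03:12:47Z|fs01|CORP\\svc_backup|bcdedit.exe /set {default} recoveryenabled No",
    "2021-05-07T08:30:01Z|ws22|CORP\\alice|powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1",
    "2021-05-07T08:31:15Z|ws22|CORP\\alice|vssadmin.exe list shadows",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert["timestamp"], alert["host"], alert["user"], alert["rules"])
```

Feed it Sysmon event 1 or Windows Security event 4688 command lines (with command-line auditing enabled) after mapping them to the record layout. The `-ExecutionPolicy Bypass` line is deliberately included: the encoded-argument regex requires whitespace right after the `-e` prefix family, so it does not try to base64-decode ordinary `-E...` switches, and `vssadmin list shadows` shows that listing, unlike deleting, is not flagged.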
With the files encrypted and data exfiltrated, the attackers plant a ransom note instructing the DarkSide ransomware victims that their data will be made publicly available—and the media informed—if the ransom is not paid in full before the specified time.
We can do that—and you don’t even need to have the Force to pull it off! Here’s a handful of smart, intuitive ways to protect yourself from the DarkSide ransomware group:
By adhering to each and every one of these helpful tips, you can help ensure that DarkSide ransomware remains a thing of the past.
Now that you know all there is to know about staying protected from DarkSide ransomware, you’re ready to defend yourself and your organization against cybercriminals. Read “What Is Ransomware?” to learn how hackers hold sites hostage—and which four steps can ensure yours will be protected.