
DarkSide Ransomware

Ali Azhar
Last Updated May 14, 2022 2:31 am

DarkSide ransomware, first discovered in August 2020, is used to steal sensitive data and threaten to reveal that data to the public. The most common targets of DarkSide ransomware are high-revenue organizations and companies in English-speaking countries. This definition covers the ransomware, its history, and prevention methods.

What Is DarkSide Ransomware?

DarkSide ransomware is associated with the DarkSide group, which operates on a ransomware-as-a-service (RaaS) model. The group is notorious for double extortion, in which it demands separate ransoms: first to unlock the affected servers or computers, and then to retrieve the stolen data.

Origins of DarkSide Ransomware

The DarkSide hacking group is believed to be based in Eastern Europe or Russia, but its actual whereabouts remain unknown. The group claims not to target hospitals, universities, non-profit organizations, schools, or government institutions.

In fact, the DarkSide group has tried to develop a “Robin Hood” image by claiming to target only wealthy companies and to give some of the ransom money to charity; it often posts receipts of its charitable donations.

Their software, DarkSide ransomware, uses an affiliate model in which hackers are given access to DarkSide ransomware to infiltrate a specified target in return for a percentage share of the ransom payment. The hackers are chosen by the DarkSide group through virtual interviews.

What Was the Impact and Aftermath of the DarkSide Ransomware Attacks?

Several different attacks have been perpetrated around the globe using DarkSide ransomware. In May 2021, one of the largest fuel supply companies in the U.S., Colonial Pipeline, was attacked by DarkSide ransomware. Other victims of this ransomware include CompuCom, Discount Car and Truck Rentals, and a Toshiba Tech facility in France.

The ransom demand or the settled amount is often not revealed by the attackers or the victims, but it is estimated that the CompuCom attack cost over $20 million in restoration.

The cryptocurrency security firm Elliptic claims that DarkSide has received payments in excess of $90 million from different victims. The ransom payments are often received through a cryptocurrency wallet to prevent tracking of the funds.

Prevention of DarkSide Ransomware

Several security measures can be used to prevent DarkSide ransomware from affecting your business:

  • Keep strong login credentials
  • Use a secure VPN to access the network
  • Establish separate folders for each user to limit the spread of compromised file access
  • Regularly back up all system and company data
  • Manage security tools and software and keep them up to date

DarkSide ransomware techniques will continue to evolve, so companies and security firms need to keep improving their defensive techniques to prevent such attacks.
