The DarkSide ransomware gang is a relatively new ransomware threat believed to be based out of Russia. In early May, DarkSide was confirmed by the FBI to be the culprit behind the cyberattack on Colonial Pipeline, which led to a fuel supply interruption along the East Coast.

DarkSide, like other ransomware groups, practices double extortion: it demands one ransom for a digital key to unlock your files and servers, and another ransom for the promise to destroy the data it stole. This practice is meant to pressure targets into paying, and should the target be unwilling to pay, the group goes a step further by threatening to publish the sensitive data on its leak site.

The leak site, which is operated by the DarkSide group, has a press corner encouraging news reporters to register to receive advance information about breaches and other non-public information. The group has even reached out to data decryption companies seeking a partnership to help victims who lack the IT workforce to decrypt their data once they have paid. They do this in an effort to portray themselves as a modern-day Robin Hood of sorts, even claiming to donate portions of ransom payments to charity. On the website you can also find a code of conduct that prohibits attacks on funeral services, hospitals, palliative care, nursing homes, and companies involved in distributing the COVID-19 vaccine.

The DarkSide group is quick to dub itself the good guys and claims to target only large corporations. What they do not want you to know is that they have made their ransomware available to other cybercriminal groups and marketed it on Russian underground forums. This means the ransomware is available to anyone, and no business, large or small, is exempt.

You must be ready: the ransomware threat is imminent. Be safe out there.

Listed below are ways to reduce the risk of compromise by ransomware attacks:

  • Require multi-factor authentication.
  • Enable strong spam filters to prevent phishing emails from reaching end users.
  • Implement a user training program with simulated phishing attacks.
  • Filter network traffic.
  • Keep all software up to date.
  • Limit access to your networks.
  • Set antivirus/antimalware programs to conduct regular scans.
  • Prevent the execution of unauthorized software.
  • Implement regular data backup procedures.