MALWARE: DarkSide
DarkSide is a ransomware-as-a-service (RaaS) outfit that provides ransomware to affiliates within its network in return for a cut of any profits made by extorting victim organizations.
DarkSide affiliates employ a double-extortion tactic, in which companies first receive a demand for payment in return for a decryption key to unlock systems infected with DarkSide ransomware. If they refuse, they are then threatened with the public release of confidential data and records stolen during initial access on a leak site.
Incidents Caused by this Malware
- May 13, 2021: Toshiba Hit In DarkSide Ransomware Attack
- May 7, 2021: Colonial Pipeline Ops Shut Down after Ransomware Attack
Threat Actors Known to use this Malware
No threat actors identified