 back to blog

5 Things to Know about DarkSide & Other Ransomware as a Service Groups

By
Vectra
,
Cybersecurity
and
|
June 22, 2021
Please note that this is an automated translation. For the most accurate information, refer to the original version in English.

1. Who is DarkSide?

DarkSide was a ransomware as a service (RaaS) group for hire. DarkSide RaaS group has been operating and involved in cyberattacks since at least August 2020. Hackers would hire DarkSide to extract the maximum ransom from an organization after proving to DarkSide that they had established persistent access to a target. From there, DarkSide uses the access to deploy the ransomware.

DarkSide, like many other RaaS groups used a double ransom approach. First, they would sell the encryption key, then request a ransom for the stolen data from the organization, or it would be destroyed.

2. What is the DarkSide ransomware business model?

DarkSide runs an affiliate program where ransomware operators provide crypto-locking malware code to third parties. Each affiliate receives a version of code with their unique ID embedded. For every victim that pays a ransom, the affiliate shares a percentage of the payment (generally ~30%) with the ransomware operator.

Ransomware as a Service use the affiliate model

3. What are DarkSide ransomware attack methods?

RaaS groups including DarkSide do not infiltrate organizations. Instead, the hacker must prove they have gained access to an organization, and the RaaS group would use this access to stage the ransomware while simultaneously performing due diligence on the targets’ ransomware insurance policy to ensure maximum profit. These groups use commonly observed techniques throughout their staging activities which make it possible for Vectra to detect ransomware long before any encryption occurs.

New ransomware, same techniques and tactics

4. How does Ransomware bypass standard security tools?

5. How to detect and stop Ransomware gangs like DarkSide before the ransomware event?

While DarkSide has purportedly ceased operations following the Colonial Pipeline attack, there are currently more than 100 RaaS groups active, and certainly more ready to take their place. Early detection of threat-actor behavior is critical to stopping ransomware from crippling your business. Vectra identifies pre-ransomware behaviors used by DarkSide and other RaaS groups to stop the attacks.

If you feel that your business isn’t a target for ransomware—just ask yourself:

  • Can your business afford to be down for 21 days?*
  • Can your business afford to take 287 days to recover from an attack?**
  • Can your business afford to pay $312,493 in ransom?***
  • Can your organizations afford the brand damage of an attack?

Stop Ransomware now! Vectra can show you how.

* Coveware, “Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands,” February 1, 2021. https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020
** Emsisoft Malware Lab, “The State of Ransomware in the US: Report and Statistics 2020,” January 18, 2021, Emisoft Blog, https://blog.emsisoft.com/en/37314/the-state-of-ransomware-in-the-us-report-and-statistics-2020/
*** Unit 42, Palo Alto Networks, “Ransomware Threat Assessments: A Companion to the 2021 Unit 42 Ransomware Threat Report,” March 17, 2021, https://unit42.paloaltonetworks.com/ransomware-threat-assessments.
Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.

Get in touch
CONTACTREQUEST A DEMO