5 Things to Know About DarkSide Ransomware | Vectra AI


5 Things You Need to Know About DarkSide & Other Ransomware as a Service Groups


By:
Joe Malenfant
June 22, 2021

1. Who is DarkSide?

DarkSide was a ransomware-as-a-service (RaaS) group for hire that had been operating and involved in cyberattacks since at least August 2020. Hackers would hire DarkSide to extract the maximum ransom from an organization after proving to DarkSide that they had established persistent access to a target. From there, DarkSide used the access to deploy the ransomware.

DarkSide, like many other RaaS groups, used a double ransom approach. First, they would sell the encryption key; then they would request a ransom from the organization for the stolen data, or it would be destroyed.

2. What is the DarkSide ransomware business model?

DarkSide runs an affiliate program where ransomware operators provide crypto-locking malware code to third parties. Each affiliate receives a version of code with their unique ID embedded. For every victim that pays a ransom, the affiliate shares a percentage of the payment (generally ~30%) with the ransomware operator.

Ransomware as a Service uses the affiliate model

3. What are DarkSide ransomware attack methods?

RaaS groups, including DarkSide, do not infiltrate organizations. Instead, the hacker must prove they have gained access to an organization, and the RaaS group then uses this access to stage the ransomware while simultaneously performing due diligence on the target’s ransomware insurance policy to ensure maximum profit. These groups use commonly observed techniques throughout their staging activities, which makes it possible for Vectra to detect ransomware long before any encryption occurs.

New ransomware, same techniques and tactics


4. How does Ransomware bypass standard security tools?


5. How to detect and stop Ransomware gangs like DarkSide before the ransomware event?

While DarkSide has purportedly ceased operations following the Colonial Pipeline attack, there are currently more than 100 RaaS groups active, and certainly more ready to take their place. Early detection of threat-actor behavior is critical to stopping ransomware from crippling your business. Vectra identifies pre-ransomware behaviors used by DarkSide and other RaaS groups to stop the attacks.

If you feel that your business isn’t a target for ransomware—just ask yourself:

  • Can your business afford to be down for 21 days?*
  • Can your business afford to take 287 days to recover from an attack?**
  • Can your business afford to pay $312,493 in ransom?***
  • Can your organization afford the brand damage of an attack?

Stop Ransomware now! Vectra can show you how.

* Coveware, “Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands,” February 1, 2021. https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020
** Emsisoft Malware Lab, “The State of Ransomware in the US: Report and Statistics 2020,” January 18, 2021, Emsisoft Blog, https://blog.emsisoft.com/en/37314/the-state-of-ransomware-in-the-us-report-and-statistics-2020/
*** Unit 42, Palo Alto Networks, “Ransomware Threat Assessments: A Companion to the 2021 Unit 42 Ransomware Threat Report,” March 17, 2021, https://unit42.paloaltonetworks.com/ransomware-threat-assessments.

About the author

Joe Malenfant

Joe Malenfant is the Vice President of Product Marketing at Vectra. Joe and his team are responsible for creating a differentiated position for Vectra’s solutions, providing clarity to prospects, customers, and partners. Joe has spent over 10 years driving innovation in cyber security, including endpoint detection and response, industrial control systems (ICS), IoT, and network security. He has launched category-defining products from pure-play SaaS to hardware solutions for IT, IoT, and ICS environments. He regularly presents at industry conferences including RSA, Cisco Live, and IIoT World.

Prior to Vectra, he led marketing for Cisco’s Internet of Things business, a $1B portfolio spanning over 5 product segments including cloud, networking, and security. Prior to joining Cisco in 2014, he led product and solutions marketing for Lockheed Martin Commercial cyber security solutions through the acquisition of ICS security company Industrial Defender. Joe holds an MBA from Johnson & Wales in Providence, RI and an undergraduate degree from Concordia University in Montreal, Canada.
