DarkSide was a ransomware-as-a-service (RaaS) group for hire. The DarkSide RaaS group has been operating and involved in cyberattacks since at least August 2020. Hackers would hire DarkSide to extract the maximum ransom from an organization after proving to DarkSide that they had established persistent access to a target. From there, DarkSide would use the access to deploy the ransomware.
DarkSide, like many other RaaS groups, used a double-ransom approach. First, they would sell the encryption key; then they would request a ransom from the organization for the stolen data, or it would be destroyed.
DarkSide ran an affiliate program in which ransomware operators provide crypto-locking malware code to third parties. Each affiliate receives a version of the code with their unique ID embedded. For every victim that pays a ransom, the affiliate shares a percentage of the payment (generally ~30%) with the ransomware operator.
RaaS groups, including DarkSide, do not infiltrate organizations themselves. Instead, the hacker must prove they have gained access to an organization, and the RaaS group then uses this access to stage the ransomware while simultaneously performing due diligence on the target's ransomware insurance policy to ensure maximum profit. These groups use commonly observed techniques throughout their staging activities, which makes it possible for Vectra to detect ransomware long before any encryption occurs.
While DarkSide has purportedly ceased operations following the Colonial Pipeline attack, there are currently more than 100 RaaS groups active, and certainly more ready to take their place. Early detection of threat-actor behavior is critical to stopping ransomware from crippling your business. Vectra identifies pre-ransomware behaviors used by DarkSide and other RaaS groups to stop the attacks.
If you feel that your business isn’t a target for ransomware—just ask yourself:
Stop Ransomware now! Vectra can show you how.
Joe Malenfant is the Vice President of Product Marketing at Vectra. Joe and his team are responsible for creating a differentiated position for Vectra's solutions and providing clarity to prospects, customers, and partners. Joe has spent over 10 years driving innovation in cyber security, including endpoint detection and response, industrial control systems (ICS), IoT, and network security. He has launched category-defining products, from pure-play SaaS to hardware solutions for IT, IoT, and ICS environments. He regularly presents at industry conferences including RSA, Cisco Live, and IIoT World.
Prior to Vectra, he led marketing for Cisco's Internet of Things business, a $1B portfolio spanning over 5 product segments including cloud, networking, and security. Prior to joining Cisco in 2014, he led product and solutions marketing for Lockheed Martin Commercial cyber security solutions through the acquisition of ICS security company Industrial Defender. Joe holds an MBA from Johnson & Wales in Providence, RI and an undergraduate degree from Concordia University in Montreal, Canada.