02 scaled brandefense
image link
BrandefenseDigital Risk Protection Service

Darkside Ransomware Analysis Report

The DarkSide ransomware has been identified as a cybercrime gang thought to be based in Russia especially targeting the US and Eastern Europe corporations. Also, they leverage ransomware in their campaign. They had targeted energy, financial, and so on sectors. But targets do not include hospitals, government institutions, schools, or non-profit organizations DarkSide that has first seen in August 2020. Also, their loudest operation is known as Colonial Pipeline in the US.


The DarkSide threat group also has been using the Double Extortion attack model. It is standardized between ransomware gangs to enforce organizations that have disaster recovery plans and refuse to pay the ransom. Therefore, if the victim accomplishes recovering encrypted data, they still have to pay to avoid publicly sharing data.


The DarkSide exhibits aggressive behavior for their targets to pay the ransom, dispositions to send emails to the employee if they think to get ignored or their victims did not respond themselves in 2-3 days. If this method is not working, they will not hesitate to tell by calling high-level executives. In this way, threat actors will notify the victim customers or press about the ransomware attack.


The DarkSide ransomware gang has been sold ransomware as RaaS modeling in underground cybercrime forums. This situation enables to conduct of campaigns without technical requirements.


As a result of the DarkSide ransomware campaigns, obtained ransom was $312.000 in 2020, while it rose approximately three times by reaching $800.000 in 2021. According to posts username darksupp believed to have belonged DarkSide in underground forums DarkSide developers get a share of %25 for $500.000 and below ransom and for 5 Million $ and above, also %10.