DarkSide ransomware was first discovered in the wild in August, 2020. The DarkSide ransomware group runs Ransomware-as-a-Service (RaaS) – affiliates are able to deploy the ransomware for a fee or a cut of the proceeds from successful ransom payments – and was brought to mainstream attention due to the recent ransomware attack against Colonial Pipeline.

In this threat intelligence report, the Proficio Threat Intelligence Team provides more detailed findings based on its research of DarkSide ransomware.

DarkSide ransomware group attacks are highly targeted, and affiliates are able customize the ransomware executable for the specific organization they are attacking. Organizations that are targeted typically have the finances to pay large ransom amounts. The DarkSide ransomware group also has a website where they publish data stolen from victims who refuse to pay the ransom. This is a method of further pressuring victims to pay, following a trend observed among ransomwares throughout 2020, including DoppelPaymer and REvil/Sodinokibi.

After the attack on Colonial Pipeline, the DarkSide ransomware group has publicly stated that they are apolitical and their goal “is to make money, not create problems for society”. Affiliates are not allowed to attack organizations from some specific sectors.

Check out the ins and outs of DarkSide in this report.