Darkside is a new ransomware attack that started at the beginning of August 2020. It is supposedly run by former affiliates of other ransomware campaigns that extorted money who decided to come up with their own code. According to the known incidents, the ransom demanded falls in the range of between $200,000 and $2,000,000 (US).
Like other ransomware used in targeted attacks, Darkside not only encrypts the user’s data but also ex-filtrates data from the compromised servers.
A new tool was released on 12th January 2020 by security firm Bitdefender allows victims of the Darkside ransomware to recover their files without paying the ransom demand – and it’s free!
Active since the summer of 2020, the Darkside group launched and still operates today through ads posted on cybercrime forums.
The group uses a well-established Ransomware-as-a-Service (RaaS) model to partner with other cyber crime groups.
These groups would apply for the Darkside RaaS and receive a fully functional version of the Darkside ransomware. They would then breach companies using their own chosen methods, install the ransomware, and ask for huge payouts, usually in the realm of hundreds of thousands or millions of US dollars.
This modus operandi isn’t new, and it’s called “big-game hunting” because ransomware gangs usually tend to go after companies, instead of home users, in the hopes of increasing their profits.
In situations where victims didn’t want to pay, Darkside operators leak documents they stole from the victim’s network on a dedicated “leak site,” as a form of punishment and forwarning to other victims who may want to restore from backups instead of paying the crooks.
Will the decrypter to a darkside ransomware shutdown?
First and foremost, the tool helps companies recover important files that were encrypted months before and which they weren’t able to restore but still have around, saved on backup drives.
Second, the tool also incurs operational costs to the Darkside gang, which will now have to re-do all its file encryption code to prevent free decryptions.
Third, the tool also deals a major reputational blow to the Darkside RaaS. Many ransomware operations have shut down in the past after the release of a free decrypter, as most of their customers abandoned them for newer and non-decryptable competitors.
As for the victims themselves, the good news is that the free decrypter released by Bitdefender should, in theory, work for all recent versions of the Darkside ransomware, regardless of the file extension that crooks added at the end of each encrypted file.