DarkSide is a cybercriminal hacking group
DarkSide Hacker Group is a cybercriminal organization that extorts organizations worldwide with ransomware. Among "big game hunter" cybercriminals, DarkSide is one of the most selective, allegedly refusing to target any medical, educational, or government organizations. It is a notorious for-profit ransomware group, but experts do not believe it is state sponsored. Rather, DarkSide primarily develops and distributes Ransomware as a Service (RaaS) to other cybercriminal affiliates, who then deploy the attacks independently.
This article will cover everything you need to know about DarkSide Ransomware and how to protect your organization from ransomware extortion.
Famous DarkSide cyberattacks
Colonial pipeline ransomware attack
In May 2021, DarkSide made headlines for the Colonial Pipeline ransomware attack. The attack led to a massive shutdown of operations, cost the organization more than $4 million, and ended up causing a state of emergency across much of the United States' East Coast.
Toshiba Tec unit ransomware data breach
DarkSide also famously infiltrated a Toshiba Tec Corp unit in France later the same month, stealing over 740 gigabytes of information, including passports and other personal data. While the attack was not as dramatic or damaging as Colonial, it prompted the multibillion-dollar company to consider restructuring its entire organization and shed light on how multiple groups within DarkSide were actively looking to extort companies.
What is DarkSide ransomware?
DarkSide Ransomware is a RaaS that often employs double extortion tactics. After infiltrating the target organization, the attackers encrypt sensitive data and hold it for ransom. Victims are instructed to pay, often in Bitcoin, to regain access. On top of that, the cybercriminals threaten to release the data publicly if the ransom is not paid, either by selling it on the black market to other criminals or by publishing it on the internet.
To date, DarkSide Ransomware has deployed such tactics to successfully steal over 100 GB of corporate data and collect more than $4 million in ransom.
How DarkSide ransomware works
Unlike other popular ransomware that spreads through spear-phishing attacks or impostor emails carrying malicious software, DarkSide Ransomware exploits weaknesses in Remote Desktop Protocol (RDP) to gain initial access to a computer or network. It then gradually escalates to administrative privileges so that the attackers have full access to sensitive data and/or essential operations.
Some of the main vulnerabilities DarkSide has been known to prey on include:
• Weak passwords
• RDP reachable directly from the internet instead of through a VPN
• Improperly configured firewalls
• Lack of two-factor authentication
In other words, DarkSide Ransomware is very effective at exploiting organizations that don't keep strong locks on their virtual doors.
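As an added example (not from the article or from Mimecast), the detection logic below targets the password guessing that weak passwords, internet-exposed RDP and missing two-factor authentication invite: it groups Windows Security failed-logon events (ID 4625, logon type 10 for RDP) by source address and reports bursts, noting whether a successful RDP logon (ID 4624) followed. The event lines, their field layout, and the thresholds are constructed for the illustration.

```python
"""Flag bursts of failed RDP logons in Windows Security events. Event ID 4625 = failed
logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP). Sample data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one event per line: timestamp|event_id|logon_type|user|source_ip
SAMPLE_EVENTS = """\
2021-05-07T02:00:01|4625|10|administrator|198.51.100.23
2021-05-07T02:00:04|4625|10|admin|198.51.100.23
2021-05-07T02:00:07|4625|10|backup|198.51.100.23
2021-05-07T02:00:11|4625|10|sqlsvc|198.51.100.23
2021-05-07T02:00:14|4625|10|administrator|198.51.100.23
2021-05-07T02:01:30|4624|10|jdoe|198.51.100.23
2021-05-07T08:15:00|4625|10|jdoe|10.0.0.15
2021-05-07T08:15:40|4624|10|jdoe|10.0.0.15
2021-05-07T09:00:00|4625|3|svc-share|10.0.0.40
"""

def parse_events(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "id": int(event_id),
                       "logon_type": int(logon_type), "user": user, "src": src})
    return events

def find_rdp_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Report sources with >= threshold failed RDP logons inside any `window`,
    plus the usernames tried and whether a successful RDP logon followed."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["logon_type"] != 10:          # only RDP (RemoteInteractive) logons
            continue
        if e["id"] == 4625:
            failures[e["src"]].append(e)
        elif e["id"] == 4624:
            successes[e["src"]].append(e["ts"])
    alerts = {}
    for src, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        for i, first in enumerate(fails):
            burst = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) >= threshold:
                last = burst[-1]["ts"]
                alerts[src] = {"failures": len(burst),
                               "users": sorted({f["user"] for f in burst}),
                               "followed_by_success": any(s > last for s in successes[src])}
                break
    return alerts
```

A single user failing once before logging in (10.0.0.15) and a non-RDP failure (logon type 3) are left alone; a guessing run that ends in a successful logon is the case worth escalating first.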
Protect against DarkSide ransomware with Mimecast
While the cybercriminals affiliated with DarkSide claim they don't target schools, hospitals, or government organizations, there's no telling whom their affiliates will target. Anyone could be a victim of a ransomware attack, especially considering how complex cybersecurity can be for many organizations. Occasionally antivirus software and firewalls get uninstalled or turned off to facilitate communications and operations. Some employees are never taught how to set strong passwords, and some organizations don't have backups to help them recover from ransomware attacks.
Understandably, it can be difficult for organizations to implement the right cybersecurity protocols, but Mimecast offers solutions that make the transition easy and effective. We are proud to serve over 39,000 organizations globally, from enterprises to small businesses with fewer than 50 users. Learn more about how Mimecast can offer a customized solution for your organization by requesting a quote.