Expert Insight on DarkSide Ransomware

DarkSide ransomware, which began operating around the start of August, is currently affecting a real estate developer in North America. Brookfield Residential is one of the first victims of the new DarkSide ransomware. Below, security experts provide insight on this new ransomware.

Expert Comments

August 27, 2020
Andrea Carcano
Co-founder and CPO
Nozomi Networks
This attack echoes a trend we identified in a recent study of common threats in the first half of this year. Ransomware attackers are demanding higher ransoms, aimed at larger and more critical organisations. Additionally, ransomware gangs are often using a two-pronged approach that combines data encryption with data theft, making it difficult for the victim to avoid paying up. These threats should be a serious concern for security professionals responsible for keeping not only IT, but OT and IoT networks safe. Threat actors are setting their sights on higher-value targets, leaving security organisations scrambling to keep up. It’s a challenging task, but not impossible. The proliferation and complexity of ransomware attacks signify the growing need for organisations to take the necessary steps to secure their systems. It is never advisable to pay the ransom, and organisations that give in to the hackers’ demands are only fueling the profitability of the ransomware industry for attackers. As a result, when it comes to ransomware, prevention will always be better than a cure. Organisations should deploy artificial intelligence and machine learning tools that can help identify cyber threats in real-time and resolve issues before harm is done. A robust cyber defense strategy is the first line of defense against a ransomware attack.
August 27, 2020
Tony Lambert
Intelligence Analyst
Red Canary
DarkSide is similar to other ransomware families such as REvil and Maze, because it is a human-operated family. Essentially, adversaries gain initial access via externally-facing services such as remote desktop protocol (RDP) or web applications that are poorly secured or unpatched to inhibit system recovery and delete volume shadow copies. A few standouts of DarkSide include the obfuscation of the PowerShell command to delete volume shadow copies usually seen by other ransomware families. Additionally, it avoids stopping processes like ‘vmcompute.exe’ and ‘vmms.exe’ in what seems like an attempt to avoid attention by crashing virtual machines on Hyper-V hosts.
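
A detection example for the shadow copy deletion behaviour described in the comment above, added here and not taken from Red Canary or the original page: it scans process-creation events for shadow copy deletion and decodes PowerShell `-EncodedCommand` arguments before matching. The event field names, hostnames and sample command lines are constructed, and base64 encoding and quote-splitting are assumed as stand-ins for the obfuscation, which the page does not specify.

```python
import base64
import re

# Well-known command forms that delete volume shadow copies.
SHADOW_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I | re.S),
]
# PowerShell accepts abbreviations of -EncodedCommand such as -e and -enc.
ENCODED_ARG = re.compile(r"\s[-/]e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

def normalise(cmd):
    """Drop inert obfuscation characters: cmd carets, PS backticks, quote-splitting."""
    return re.sub(r"[\^`'\"+]", "", cmd)

def decode_layers(cmd, max_depth=3):
    """Return cmd followed by each nested -EncodedCommand payload (base64 of UTF-16LE)."""
    layers = [cmd]
    for _ in range(max_depth):
        m = ENCODED_ARG.search(layers[-1])
        if not m:
            break
        try:
            layers.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except ValueError:  # not base64 or not UTF-16LE: leave the layer undecoded
            break
    return layers

def detect(event):
    """Return a finding for a process-creation event that deletes shadow copies, else None."""
    for depth, layer in enumerate(decode_layers(event["cmdline"])):
        text = normalise(layer)
        if any(p.search(text) for p in SHADOW_PATTERNS):
            return {"host": event["host"], "encoded_layers": depth, "evidence": text[:100]}
    return None

def enc_sample(ps):
    """Build an encoded argument for the constructed sample events below."""
    return base64.b64encode(ps.encode("utf-16-le")).decode()

# Constructed sample events (hypothetical hosts and fields), not captured DarkSide telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws02", "cmdline": "powershell -ep bypass -enc "
        + enc_sample("Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}")},
    {"host": "ws03", "cmdline": "powershell -c \"Get-WmiObject ('Win32_Sha'+'dowcopy') | % {$_.Delete()}\""},
    {"host": "ws04", "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["host"], detect(ev))
```

Matching on the decoded and normalised text rather than the raw command line is what lets the same three patterns cover the plain, encoded and quote-split variants; listing shadow copies (`ws04`) is not flagged.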
