Expert Insight on DarkSide Ransomware

DarkSide ransomware, which began operating around the start of August, is currently affecting a real estate developer in North America. Brookfield Residential is one of the first victims of the new DarkSide ransomware. Below, security experts provide insight on this new ransomware.

Tony Lambert, Intelligence Analyst
InfoSec Expert
August 27, 2020 6:32 pm

DarkSide is similar to other ransomware families such as REvil and Maze, because it is a human-operated family. Essentially, adversaries gain initial access via externally-facing services such as remote desktop protocol (RDP) or web applications that are poorly secured or unpatched to inhibit system recovery and delete volume shadow copies.

A few standouts of DarkSide include the obfuscation of the PowerShell command to delete volume shadow copies usually seen by other ransomware families. Additionally, it avoids stopping processes like ‘vmcompute.exe’ and ‘vmms.exe’ in what seems like an attempt to avoid attention by crashing virtual machines on Hyper-V hosts.
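
One way to detect the shadow-copy deletion described in the comment above even when the command is obfuscated, added here as an example and not code from the commenter or any vendor tool: normalize the process command line, decode any PowerShell -EncodedCommand payload, then match well-known deletion forms. The obfuscation forms handled and every sample command line are assumptions constructed for illustration; the page does not say which obfuscation DarkSide uses.

```python
import base64
import re

# Widely documented shadow-copy deletion forms (MITRE ATT&CK T1490).
SHADOW_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows"),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete"),
    re.compile(r"win32_shadowcopy.*(delete\(|remove-wmiobject|remove-ciminstance)"),
]
ARG = re.compile(r"[-/]([a-z]+)\s+([A-Za-z0-9+/=]{16,})", re.I)  # switch + base64-like value

def normalize(cmd):
    """Undo simple obfuscation: string concatenation, carets, backticks, quotes."""
    s = re.sub(r"""['"]\s*\+\s*['"]""", "", cmd)  # 'Sha'+'dow' -> 'Shadow'
    s = re.sub(r"""[\^`'"]""", "", s)
    return re.sub(r"\s+", " ", s).lower()

def layers(cmd, depth=0):
    """Return the command line plus every decoded -EncodedCommand payload."""
    found = [cmd]
    for name, blob in ARG.findall(cmd):
        # PowerShell accepts any prefix of -EncodedCommand, and the alias -ec.
        if not ("encodedcommand".startswith(name.lower()) or name.lower() == "ec"):
            continue
        try:
            decoded = base64.b64decode(blob).decode("utf-16-le")
        except ValueError:  # bad base64, or bytes that are not UTF-16LE text
            continue
        if depth < 3:  # bound nested encoding
            found += layers(decoded, depth + 1)
    return found

def inhibits_recovery(cmd):
    return any(p.search(normalize(l)) for l in layers(cmd) for p in SHADOW_PATTERNS)

def ps_encode(script):
    """Build a constructed -EncodedCommand argument (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed process-creation command lines, not taken from any incident.
SAMPLES = {
    "plain": "vssadmin.exe Delete Shadows /All /Quiet",
    "caret": "cmd /c v^ssa^dmin del^ete sha^dows /all",
    "concat": "powershell -c \"Get-WmiObject ('Win32_Sha'+'dowcopy') | % { $_.Delete() }\"",
    "encoded": "powershell -ep bypass -enc "
               + ps_encode("Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"),
    "benign": "vssadmin list shadows",
    "benign_enc": "powershell -enc " + ps_encode("Get-Date"),
}
```

Feed `inhibits_recovery` the command-line field of process-creation events (for example Sysmon Event ID 1 or Windows Security 4688 with command-line auditing enabled).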

Andrea Carcano, Co-founder and CPO
InfoSec Expert
August 27, 2020 9:11 am

This attack echoes a trend we identified in a recent study of common threats in the first half of this year. Ransomware attackers are demanding higher ransoms, aimed at larger and more critical organisations. Additionally, ransomware gangs are often using a two-pronged approach that combines data encryption with data theft, making it difficult for the victim to avoid paying up.

These threats should be a serious concern for security professionals responsible for keeping not only IT, but OT and IoT networks safe. Threat actors are setting their sights on higher-value targets, leaving security organisations scrambling to keep up. It’s a challenging task, but not impossible.

The proliferation and complexity of ransomware attacks signify the growing need for organisations to take the necessary steps to secure their systems. It is never advisable to pay the ransom, and organisations that give in to the hackers’ demands are only fueling the profitability of the ransomware industry for attackers. As a result, when it comes to ransomware, prevention will always be better than a cure. Organisations should deploy artificial intelligence and machine learning tools that can help identify cyber threats in real-time and resolve issues before harm is done. A robust cyber defense strategy is the first line of defense against a ransomware attack.
