A new ransomware family going by the name DarkSide appeared earlier this month. As is now typical for ransomware threat groups, the operators behind DarkSide steal data before encrypting victim machines and then use the threat of publishing it to extort higher ransom payouts. Stolen data is posted to their own leak site, where the victim's company name is listed alongside the amount and types of data taken. Victims who choose not to pay may have their data published for at least six months. Ransom demands seen so far have ranged from $200,000 to $2,000,000 USD, with the demand doubling after a set period of time. The operators behind DarkSide have stated that they only target companies they believe can pay the ransom, as they "do not want to kill your business." While a "promise" from threat actors is never a guarantee, they have also stated that they will not target the education, government, medical or non-profit sectors.
DarkSide is yet another human-operated ransomware, meaning the actors behind it are actively involved in each step of the infection chain rather than relying on an automated, self-spreading payload. These attacks may begin through phishing, poorly secured Remote Desktop Protocol (RDP) systems or unpatched externally-facing systems. The ransomware's list of processes it deliberately avoids terminating also includes TeamViewer, possibly hinting at one of the operators' methods for remote access: leaving that process running would preserve their own foothold on the machine while the encryptor runs.