DarkSide Ransomware operators have posted on a Russian speaking forum that they will be creating a distributed storage system in Iran to store victim data for up to six months. The post, which was found by researchers at Kela, stated that the group wanted to find a way other than a website to store the data that operators of their ransomware stole. Many ransomware operators have moved to websites to post and store victim information. DarkSide is run as Ransomware-as-service, meaning the group develops the ransomware and licenses the system to other criminals to hack into companies and encrypt victim data. The operators get a percentage of the money their affiliates manage to steal. The group also deposited 320 thousand US dollars onto the website in search of new affiliates to hack companies. DarkSide puts all their new affiliates through an interviews process. The group also claims that their malware cannot be used to target the healthcare sector, education, non-profit, and government entities.
Intro The Binary Defense threat hunting team are experts on today’s threat actor groups. In