We often hear of new cybercriminal campaigns springing up after a successful cyber attack makes the headlines. Big names that spring to mind (with big attacks notched on their record) are DoppelPaymer, Sodinokibi, Maze, NetWalker and DarkSide, the latter being behind the Colonial Pipeline attack in the US. All profess to bring a new kind of threat and innovative means of compromising their victims' networks and reputation: 'pay up or else...'
But when it comes to analyzing new ransomware campaigns, one might ask, “how innovative is this threat compared to previous ones?”
Well, DarkSide is no different from its counterparts but is indeed one of the latest and most successful representations of the rising Ransomware-as-a-Corporation (RaaC) trend. Cybercriminals have seen their revenues steadily increase in the last couple of years, making the ransomware market extremely prolific (ransomware incidents rose 151% in the first 6 months of this year).
The DarkSide group's operation overlaps significantly with those mentioned above. What, then, makes DarkSide particularly interesting? See article below...
The DarkSide operation hardly innovates on the tactics, techniques, and procedures (TTPs) used by other threat actors. The group shares its methods with infamous names like DoppelPaymer, Sodinokibi, Maze, and NetWalker. Many researchers who have analyzed the DarkSide ransomware agree that there are significant overlaps between this operation and those mentioned above. What, then, makes DarkSide particularly interesting? The answer is threefold:
- The group takes a highly targeted approach to selecting its victims
- Custom ransomware executables are carefully prepared for each target
- There is a corporate-like method of communication throughout their attacks