
Security Researchers Dive Into DarkSide Ransomware
2021-05-12 13:30

Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack.

The DarkSide ransomware-as-a-service (RaaS) operation features the typical characteristics of any ransomware enterprise: after the target systems have been compromised, data is exfiltrated and encrypted for extortion purposes, and the victim is provided with a means of contacting the attackers to receive details on the payment demand and to negotiate the ransom.

To date, DarkSide has been used in attacks targeting tens of organizations in the financial services, technology, legal, manufacturing, retail, and professional services sectors.

Security researchers with cybercrime intelligence firm Intel 471 say that, for initial access, the threat actors use access credentials purchased on underground forums, brute-force attacks, and spam email campaigns or botnets for malware delivery.

FireEye has analyzed the attacks associated with three of the DarkSide affiliates, revealing that, while one of them would deploy the ransomware only three days after the initial compromise, a more established adversary tends to lurk in the compromised networks for months before making a similar move.

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI released an alert to provide information on the best practices organizations should adopt to prevent falling victim to DarkSide ransomware attacks.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/VLdzQRtqIWk/security-researchers-dive-darkside-ransomware