In August 2020, Darkside introduced its Ransomware-as-a-Service (RaaS) in a press release. The group provides web chat support to victims, builds intricate data leak storage systems with redundancy, and performs financial analysis of victims prior to attacking. The group is suspected to be former IT security professionals and is known to have a code of conduct that includes not attacking hospitals, schools, non-profits, or governments, but rather big organizations. After the May 2021 Colonial Pipeline attack, [[Varonis]]’s reverse engineering revealed that Darkside’s malware checked device language settings to ensure that they don’t attack Russia-based organizations.<ref>[https://www.varonis.com/blog/darkside-ransomware/]</ref> | In August 2020, Darkside introduced its Ransomware-as-a-Service (RaaS) in a press release. The group provides web chat support to victims, builds intricate data leak storage systems with redundancy, and performs financial analysis of victims prior to attacking. The group is suspected to be former IT security professionals and is known to have a code of conduct that includes not attacking hospitals, schools, non-profits, or governments, but rather big organizations. After the May 2021 Colonial Pipeline attack, [[Varonis]]’s reverse engineering revealed that Darkside’s malware checked device language settings to ensure that they don’t attack Russia-based organizations.<ref>[https://www.varonis.com/blog/darkside-ransomware/]</ref> |