Changes

In August 2020, Darkside introduced its Ransomware-as-a-Service (RaaS) in a press release. The group provides web chat support to victims, builds intricate data leak storage systems with redundancy, and performs financial analysis of victims prior to attacking. The group is suspected to be former IT security professionals and is known to have a code of conduct that includes not attacking hospitals, schools, non-profits, or governments, but rather big organizations. After the May 2021 Colonial Pipeline attack, [[Varonis]]’s reverse engineering revealed that Darkside’s malware checked device language settings to ensure that they don’t attack Russia-based organizations.<ref>[https://www.varonis.com/blog/darkside-ransomware/]</ref>

In August 2020, Darkside introduced its Ransomware-as-a-Service (RaaS) in a press release. The group provides web chat support to victims, builds intricate data leak storage systems with redundancy, and performs financial analysis of victims prior to attacking. The group is suspected to be former IT security professionals and is known to have a code of conduct that includes not attacking hospitals, schools, non-profits, or governments, but rather big organizations. After the May 2021 Colonial Pipeline attack, [[Varonis]]’s reverse engineering revealed that Darkside’s malware checked device language settings to ensure that they don’t attack Russia-based organizations.<ref>[https://www.varonis.com/blog/darkside-ransomware/]</ref>

Darkside has Windows and Linux toolsets, is similar to [[NetWalker]] and [[REvil]] in that it has an affiliate program that offers anyone who helps spread their malware 10-25% of the payout.

Darkside has Windows and Linux toolsets, is similar to [[NetWalker]] and [[REvil]] in that it has an affiliate program that offers anyone who helps spread their malware 10-25% of the payout.

Darkside

Darkside

*runs command and control over [[TOR]],

*runs command and control over [[TOR]],