"Named must be your fear before banish it you can."
The Darkside cybercriminal group have been active for around two weeks now; however, their targeted attacks are already earning the group big bucks. According to reports, the fear of losing data has led at least one victim of this new ransomware to pay the $1 million ransom demand to decrypt their files.
The group announced that they were behind the major ransomware threat with a press release on the deep web on August 10th, stating that "we are a new product on the market, but that does not mean we have no experience and we came from nowhere."
According to multiple reports, the ransoms themselves range from $200,000 all the way to $2 million; however, these numbers will double if an initial payment isn't met. As far as we know, at least one victim has already paid a ransom of over $1 million, and more are sure to follow.
The Darkside group have stated that they don't want to kill your business and will 'only attack companies that can pay the ransom demands.' The statement from the cybercriminals claims that Darkside analyze accountancy records to determine how much the company can pay based on net income. Darkside have also stated that they will not target hospitals, schools, universities, non-profit organisations, or the government sector.
The group have been linked to REvil and GandCrab malware, using these to create their own template when a system has been compromised. Even the customized "Welcome to the Darkside" ransom note appears to be based on REvil templates. REvil have recently opened a deep web auction house specifically to auction off data stolen from high-profile 'clients'. It is yet to be seen if Darkside will follow this template if ransom demands aren't met.
What can you do to keep your companies safe from the Darkside? As they are a fairly new organisation, they could still target anyone and should be taken very seriously. This means you should be going back to the basics of your online security, ensuring you are doing more than simply backing up data. By making your IT security a priority, you lower the risk of being targeted by this or any other cybercriminal group. Keep everything patched and up to date, have strong authentication in place wherever possible, and make sure that everyone involved with your business is educated and aware of the ransomware threat. Increase your online security and make things harder for the Darkside.
For more information on cyber security or malware that could affect your organisation, get in touch today via firstname.lastname@example.org.