DarkSide Ransomware Links to REvil Group Difficult to Dismiss

From flashpoint-intel.com

ransomware-lock-chain

Key Takeaways from Recent DarkSide Ransomware Events:

  1. On May 10, 2021, the U.S. Federal Bureau of Investigation (FBI) issued a statement confirming that “the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks,” with its pipeline systems taken offline since Friday, May 7, 2021.
  2. “DarkSide” is a ransomware strain that was originally developed by Russian-speaking threat actors and has been active since August 2020. The ransomware is highly customized, designed to target large corporations in select industry verticals, particularly those in finance, technology, and manufacturing.
  3. Flashpoint assesses with moderate confidence that the ransomware is a variant of “REvil” ransomware and is based on its code.
  4. DarkSide ransom payment demands range widely from $200,000 to $2,000,000, depending on the size and possibly other associated characteristics of the targeted organization.
  5. When DarkSide victims refuse to pay the ransom demand, the ransomware group follows through on its threat, releasing victims’ sensitive data on publicly visible websites.

Read more…