
By Raj Samani and Christiaan Beek on May 14, 2021

Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the recent gas pipeline shutdown. Many of the excellent technical write-ups will detail how it operates an affiliate model that supports others to be involved within the ransomware business model (in addition to the developers). While this may not be a new phenomenon, this model is actively deployed by many groups with great effect.

Herein is the crux of the challenge: while the attention may be on DarkSide ransomware, the harsh reality is that equal concern should be placed on Ryuk, or REVIL, or Babuk, or Cuba, etc. These, and other groups and their affiliates, exploit common entry vectors and, in many cases, the tools we see being used to move within an environment are the same. While this technical paper covers DarkSide in more detail, we must stress the importance of implementing best practices in securing/monitoring your network. These additional publications can guide you in doing so: Building Adaptable Security Architecture Against NetWalker; ENS 10.7 Rolls Back the Curtain on Ransomware.

As mentioned earlier, DarkSide is a Ransomware-as-a-Service (RaaS) that offers high returns for penetration-testers that are willing to provide access to networks and distribute/execute the ransomware. DarkSide is an example of a RaaS whereby they actively invest in development of the code, affiliates, and new features. Alongside their threat to leak data, they have a separate option for recovery companies to negotiate, are willing to engage with the media, and are willing to carry out a Distributed Denial of Service (DDoS) attack against victims. Those victims who do pay a ransom receive an alert from DarkSide on companies that are on the stock exchange who are breached, in return for their payment. Potential legal issues abound, not to mention ethical concerns, but this information could certainly provide an advantage in short selling when the news breaks.

The group behind DarkSide are also particularly active. Using MVISION Insights we can identify the prevalence of targets. This map illustrates that the most targeted geography is clearly the United States (at the time of writing). Further, the sectors primarily targeted are Legal Services, Wholesale, and Manufacturing, followed by the Oil, Gas and Chemical sectors.

Customers using MVISION Insights will find a threat-profile on this ransomware family that is updated when new and relevant information becomes available. McAfee’s market leading EPP solution covers DarkSide ransomware with an array of early prevention and detection techniques.
