DarkSide Ransomware Sample Download

Posted Under: Download Free Malware Samples, Malware, Ransomware, Windows on Nov 18, 2020
DarkSide ransomware is highly selective and targeted in choosing its victims. Its victims are business users and enterprises: it encrypts their data with Salsa20 + RSA-1024 and then demands a multi-million dollar ransom in BTC to get the files back. Before mounting an attack, the DarkSide operators create a custom ransomware executable for the specific company they are attacking. When executed, the ransomware runs a PowerShell command that deletes Shadow Volume Copies on the system so that they cannot be used to recover files. It then terminates the processes of databases, office applications and email clients to prepare the machine for encryption. Oddly, it leaves the TeamViewer process running, which may be used for remote access later.
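
A defender can hunt for the shadow-copy deletion step described above in process-creation logs. The following is an added example, not code from the original page: the match patterns, the event field names (`host`, `image`, `cmdline`) and the sample events are assumptions constructed for illustration, and it goes beyond the text by also decoding `-EncodedCommand` arguments.

```python
import base64
import re

# Assumed indicators of shadow-copy deletion (the page does not quote the command).
SHADOW_PATTERNS = [
    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I | re.S),
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
]
POWERSHELL_IMAGE = re.compile(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?$", re.I)
# -e / -ec / -enc... followed by a base64 blob (PowerShell accepts prefixes).
ENCODED_ARG = re.compile(r"\s-e(?:c|nc\w*)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the UTF-16LE text behind -EncodedCommand, or '' if absent/invalid."""
    match = ENCODED_ARG.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ""


def is_shadow_copy_deletion(image, cmdline):
    """True when a PowerShell process command line deletes shadow copies."""
    if not POWERSHELL_IMAGE.search(image):
        return False
    text = cmdline + "\n" + decode_encoded_command(cmdline)
    return any(p.search(text) for p in SHADOW_PATTERNS)


def scan(events):
    """Return the hosts whose process-creation events match."""
    return [e["host"] for e in events if is_shadow_copy_deletion(e["image"], e["cmdline"])]


# Constructed sample events (not taken from a real incident or from the page).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DELETE_CMD = "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": PS, "cmdline": f'powershell.exe -ep bypass -c "{DELETE_CMD}"'},
    {"host": "WS-02", "image": PS, "cmdline": "powershell.exe -enc "
        + base64.b64encode(DELETE_CMD.encode("utf-16-le")).decode()},
    {"host": "WS-03", "image": PS, "cmdline": 'powershell.exe -c "Get-WmiObject Win32_ShadowCopy | Select-Object ID"'},
    {"host": "WS-04", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

The read-only shadow copy query on WS-03 is deliberately not flagged, since backup and inventory tooling issues similar commands.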

DarkSide has similarities with REvil Ransomware. It also does not infect systems whose locale is set to one of the CIS countries, another similarity shared with REvil Ransomware and GandCrab Ransomware.

Update: DarkSide operators moved their distributed backup system to Iran for storage of the data stolen from its victims.

Update: Bitdefender released a free decryptor tool.

DarkSide Ransomware Signatures

Family: Trojan:Win32/Ymacco.AA9C
MD5: f87a2e1c3d148a67eaeb696b1ab69133
SHA256: 9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297
