DarkSide ransomware is highly selective and targeted in its choice of victims. Its victims are business users and enterprises: it encrypts their data with Salsa20 + RSA-1024 and then demands a multi-million-dollar ransom in BTC to get the files back. Before mounting an attack, DarkSide creates a custom ransomware executable for the specific company being attacked. When executed, the ransomware runs a PowerShell command that deletes Shadow Volume Copies on the system so that they cannot be used to recover files. It then terminates the processes of databases, office applications and email clients to prepare the machine for encryption. Oddly, it leaves the TeamViewer process running, which may be used for remote access later.
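The sequence described above (PowerShell deleting shadow copies, then database, office and email processes being terminated on the same host) can serve as a detection signal. The following is an added example, not code from the original page: the log format, host names, process names, time window and threshold are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process events (time|host|event|image|command line); not real telemetry.
SAMPLE_EVENTS = """\
2021-01-12T09:00:01|FIN-WS01|create|powershell.exe|Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }
2021-01-12T09:00:09|FIN-WS01|terminate|sqlservr.exe|
2021-01-12T09:00:10|FIN-WS01|terminate|outlook.exe|
2021-01-12T09:00:11|FIN-WS01|terminate|winword.exe|
2021-01-12T09:05:00|HR-WS02|create|powershell.exe|Get-WmiObject Win32_Shadowcopy | Select-Object ID
2021-01-12T09:06:00|HR-WS02|terminate|outlook.exe|
"""

# Assumed process names for the database, office and email categories the page lists.
POWERSHELL = {"powershell.exe", "pwsh.exe"}
WATCHED = {"sqlservr.exe", "mysqld.exe", "oracle.exe", "winword.exe",
           "excel.exe", "outlook.exe", "thunderbird.exe"}
# Shadow copy deletion, as opposed to mere enumeration of shadow copies.
SHADOW_DELETE = re.compile(r"shadowcopy.*delete|delete.*shadow", re.I)

def parse(log_text):
    """Yield (time, host, event, image, command line) per line."""
    for line in log_text.strip().splitlines():
        # maxsplit=4 keeps any '|' inside the command line intact.
        ts, host, kind, image, detail = line.split("|", 4)
        yield datetime.fromisoformat(ts), host, kind, image.lower(), detail

def detect(log_text, window=timedelta(minutes=2), min_kills=2):
    """Alert when PowerShell deletes shadow copies and, within `window`,
    at least `min_kills` distinct watched processes end on the same host."""
    events = list(parse(log_text))
    alerts = []
    for ts, host, kind, image, detail in events:
        if kind != "create" or image not in POWERSHELL:
            continue
        if not SHADOW_DELETE.search(detail):
            continue
        killed = sorted({img for t, h, k, img, _ in events
                         if h == host and k == "terminate"
                         and img in WATCHED and ts <= t <= ts + window})
        if len(killed) >= min_kills:
            alerts.append({"host": host, "time": ts.isoformat(), "killed": killed})
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Requiring both signals keeps routine shadow copy enumeration (HR-WS02 in the sample) and ordinary application exits from alerting on their own.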
DarkSide has similarities with REvil Ransomware. It also does not infect systems whose locale is that of a CIS country. This is another similarity, shared between REvil Ransomware and GandCrab Ransomware.
DarkSide operators move their distributed backup system to Iran for storage of data stolen from its victims.
Bitdefender releases free decryptor tool