SYMBOL | COMMON_NAME | aka. SYNONYMS
elf.darkside (Back to overview)

DarkSide


There is no description at this point.

References
2021-06-07Department of JusticeOffice of Public Affairs
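% Corporate author is double-braced so it is kept as a single name; the dollar sign is escaped so the title does not open math mode.
@online{affairs:20210607:department:d8a05d5,
  author       = {{Office of Public Affairs}},
  title        = {{Department of Justice Seizes \$2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside}},
  date         = {2021-06-07},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside},
  urldate      = {2021-06-09},
  language     = {English},
}
Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside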
DarkSide
2021-06-02CrowdStrikeJosh Dalman, Heather Smith
% CrowdStrike guidance on defending against Conti, DarkSide, REvil and other ransomware (per title).
@online{dalman:20210602:under:2e7083b,
  author       = {Dalman, Josh and Smith, Heather},
  title        = {{Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware}},
  date         = {2021-06-02},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/},
  urldate      = {2021-06-09},
  language     = {English},
}
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti Ransomware DarkSide REvil
2021-05-28Trend MicroMina Nalim
% Trend Micro write-up on the Linux DarkSide variant and its targeting of virtual machines (per title).
@online{nalim:20210528:darkside:5eb7387,
  author       = {Nalim, Mina},
  title        = {{DarkSide on Linux: Virtual Machines Targeted}},
  date         = {2021-05-28},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/e/darkside-linux-vms-targeted.html},
  urldate      = {2021-06-01},
  language     = {English},
}
DarkSide on Linux: Virtual Machines Targeted
DarkSide
2021-05-20Digital ShadowsStefano De Blasi
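% Author given in "Last, First" form so the two-word surname is not split; the key is left unchanged so existing citations keep resolving.
@online{blasi:20210520:ransomwareasaservice:c7173c4,
  author       = {De Blasi, Stefano},
  title        = {{Ransomware-as-a-Service, Rogue Affiliates, and What’s Next}},
  date         = {2021-05-20},
  organization = {Digital Shadows},
  url          = {https://www.digitalshadows.com/blog-and-research/ransomware-as-a-service-rogue-affiliates-and-whats-next/},
  urldate      = {2021-05-26},
  language     = {English},
}
Ransomware-as-a-Service, Rogue Affiliates, and What’s Next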
DarkSide DarkSide REvil
2021-05-19The Wall Street JournalCollin Eaton
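% Dollar sign escaped so the title does not open math mode when typeset.
@online{eaton:20210519:colonial:8185b82,
  author       = {Eaton, Collin},
  title        = {{Colonial Pipeline CEO Tells Why He Paid Hackers a \$4.4 Million Ransom}},
  date         = {2021-05-19},
  organization = {The Wall Street Journal},
  url          = {https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636},
  urldate      = {2021-05-19},
  language     = {English},
}
Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom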
DarkSide DarkSide
2021-05-18The RecordCatalin Cimpanu
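% Dollar sign escaped so the title does not open math mode when typeset.
@online{cimpanu:20210518:darkside:14b6690,
  author       = {Cimpanu, Catalin},
  title        = {{Darkside gang estimated to have made over \$90 million from ransomware attacks}},
  date         = {2021-05-18},
  organization = {The Record},
  url          = {https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/},
  urldate      = {2021-05-19},
  language     = {English},
}
Darkside gang estimated to have made over $90 million from ransomware attacks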
DarkSide DarkSide Mailto Maze REvil Ryuk
2021-05-18EllipticTom Robinson
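% Dollar sign escaped so the title does not open math mode when typeset.
@online{robinson:20210518:darkside:c1451b1,
  author       = {Robinson, Tom},
  title        = {{DarkSide Ransomware has Netted Over \$90 million in Bitcoin}},
  date         = {2021-05-18},
  organization = {Elliptic},
  url          = {https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin},
  urldate      = {2021-05-19},
  language     = {English},
}
DarkSide Ransomware has Netted Over $90 million in Bitcoin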
DarkSide DarkSide
2021-05-18Bleeping ComputerIonut Ilascu
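% Dollar sign escaped so the title does not open math mode when typeset.
@online{ilascu:20210518:darkside:d8e345b,
  author       = {Ilascu, Ionut},
  title        = {{DarkSide ransomware made \$90 million in just nine months}},
  date         = {2021-05-18},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/},
  urldate      = {2021-06-07},
  language     = {English},
}
DarkSide ransomware made $90 million in just nine months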
DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk
2021-05-17GigamonJoe Slowik
% Gigamon post on tracking DarkSide and ransomware from the network side (per title).
@online{slowik:20210517:tracking:060c759,
  author       = {Slowik, Joe},
  title        = {{Tracking DarkSide and Ransomware: The Network View}},
  date         = {2021-05-17},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2021/05/17/tracking-darkside-and-ransomware-the-network-view/},
  urldate      = {2021-05-17},
  language     = {English},
}
Tracking DarkSide and Ransomware: The Network View
DarkSide DarkSide
2021-05-14The RecordCatalin Cimpanu
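% Ampersand escaped; a bare one in a text field is an alignment character and stops the LaTeX run.
@online{cimpanu:20210514:darkside:2760169,
  author       = {Cimpanu, Catalin},
  title        = {{Darkside ransomware gang says it lost control of its servers \& money a day after Biden threat}},
  date         = {2021-05-14},
  organization = {The Record},
  url          = {https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/},
  urldate      = {2021-05-17},
  language     = {English},
}
Darkside ransomware gang says it lost control of its servers & money a day after Biden threat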
DarkSide Avaddon Ransomware REvil
2021-05-14KrebsOnSecurityBrian Krebs
% KrebsOnSecurity report on the group quitting after the reported seizure of servers and funds (per title).
@online{krebs:20210514:darkside:0a2cf92,
  author       = {Krebs, Brian},
  title        = {{DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized}},
  date         = {2021-05-14},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/},
  urldate      = {2021-05-17},
  language     = {English},
}
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
DarkSide
2021-05-14Intel 471Intel 471
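% Corporate author double-braced so it is treated as one name instead of first name "Intel", surname "471".
@online{471:20210514:moral:83d138a,
  author       = {{Intel 471}},
  title        = {{The moral underground? Ransomware operators retreat after Colonial Pipeline hack}},
  date         = {2021-05-14},
  organization = {Intel 471},
  url          = {https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime},
  urldate      = {2021-05-17},
  language     = {English},
}
The moral underground? Ransomware operators retreat after Colonial Pipeline hack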
DarkSide DarkSide
2021-05-14Bleeping ComputerLawrence Abrams
% Bleeping Computer report on the reported server seizure and REvil restricting its targets (per title).
@online{abrams:20210514:darkside:5169afb,
  author       = {Abrams, Lawrence},
  title        = {{DarkSide ransomware servers reportedly seized, REvil restricts targets}},
  date         = {2021-05-14},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/darkside-ransomware-servers-reportedly-seized-revil-restricts-targets/},
  urldate      = {2021-05-17},
  language     = {English},
}
DarkSide ransomware servers reportedly seized, REvil restricts targets
DarkSide DarkSide
2021-05-14EllipticDr. Tom Robinson
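% Honorific dropped so the author matches the spelling used in robinson:20210518:darkside:c1451b1 and is not listed as two different people.
@online{robinson:20210514:elliptic:0c14d0e,
  author       = {Robinson, Tom},
  title        = {{Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims}},
  date         = {2021-05-14},
  organization = {Elliptic},
  url          = {https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims},
  urldate      = {2021-05-17},
  language     = {English},
}
Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims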
DarkSide DarkSide
2021-05-14GuidePoint SecurityDrew Schmitt
% GuidePoint Security incident narrative; the page tags it with Cobalt Strike and Zloader as well as DarkSide.
@online{schmitt:20210514:from:944b5f1,
  author       = {Schmitt, Drew},
  title        = {{From ZLoader to DarkSide: A Ransomware Story}},
  date         = {2021-05-14},
  organization = {GuidePoint Security},
  url          = {https://www.guidepointsecurity.com/from-zloader-to-darkside-a-ransomware-story/},
  urldate      = {2021-05-17},
  language     = {English},
}
From ZLoader to DarkSide: A Ransomware Story
DarkSide Cobalt Strike Zloader
2021-05-14McAfeeRaj Samani, Christiaan Beek
% McAfee Labs blog post on DarkSide victims (per title and URL path).
@online{samani:20210514:darkside:e0b6b8d,
  author       = {Samani, Raj and Beek, Christiaan},
  title        = {{Darkside Ransomware Victims Sold Short}},
  date         = {2021-05-14},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/darkside-ransomware-victims-sold-short/},
  urldate      = {2021-05-17},
  language     = {English},
}
Darkside Ransomware Victims Sold Short
DarkSide
2021-05-13Bleeping ComputerLawrence Abrams
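% Dollar sign escaped so the title does not open math mode when typeset.
@online{abrams:20210513:chemical:86f4f4a,
  author       = {Abrams, Lawrence},
  title        = {{Chemical distributor pays \$4.4 million to DarkSide ransomware}},
  date         = {2021-05-13},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/},
  urldate      = {2021-05-17},
  language     = {English},
}
Chemical distributor pays $4.4 million to DarkSide ransomware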
DarkSide DarkSide
2021-05-13Bleeping ComputerLawrence Abrams
% Bleeping Computer report on the XSS forum banning ransomware topics (per title).
@online{abrams:20210513:popular:62e98c8,
  author       = {Abrams, Lawrence},
  title        = {{Popular Russian hacking forum XSS bans all ransomware topics}},
  date         = {2021-05-13},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/},
  urldate      = {2021-05-17},
  language     = {English},
}
Popular Russian hacking forum XSS bans all ransomware topics
DarkSide DarkSide LockBit REvil
2021-05-13The RecordCatalin Cimpanu
% The Record's report on a hacking forum banning ransomware ads (per title).
@online{cimpanu:20210513:popular:278e039,
  author       = {Cimpanu, Catalin},
  title        = {{Popular hacking forum bans ransomware ads}},
  date         = {2021-05-13},
  organization = {The Record},
  url          = {https://therecord.media/popular-hacking-forum-bans-ransomware-ads/},
  urldate      = {2021-05-17},
  language     = {English},
}
Popular hacking forum bans ransomware ads
DarkSide DarkSide
2021-05-13ABC NewsJustin Gomez
% ABC News coverage of the gasoline shortages that followed the pipeline attack (per title).
@online{gomez:20210513:dont:4c0730c,
  author       = {Gomez, Justin},
  title        = {{'Don't panic,' Biden tells Americans facing gasoline shortages from pipeline attack}},
  date         = {2021-05-13},
  organization = {ABC News},
  url          = {https://abcnews.go.com/Politics/biden-speak-colonial-pipeline-attack-americans-face-gasoline/story?id=77666212},
  urldate      = {2021-05-17},
  language     = {English},
}
'Don't panic,' Biden tells Americans facing gasoline shortages from pipeline attack
DarkSide
2021-05-13Stranded on Pylos BlogJoe Slowik
% Personal blog post by the author of slowik:20210517:tracking:060c759; listed on the page under DarkSide.
@online{slowik:20210513:mind:66194c8,
  author       = {Slowik, Joe},
  title        = {{Mind the (Air) Gap}},
  date         = {2021-05-13},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2021/05/13/mind-the-air-gap/},
  urldate      = {2021-05-17},
  language     = {English},
}
Mind the (Air) Gap
DarkSide
2021-05-13SecureworksCounter Threat Unit ResearchTeam
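% Team author double-braced so it is treated as one name, with the missing space in "Research Team" restored; the key is left unchanged.
@online{researchteam:20210513:ransomware:1c6898a,
  author       = {{Counter Threat Unit Research Team}},
  title        = {{Ransomware Groups Use Tor-Based Backdoor for Persistent Access}},
  date         = {2021-05-13},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/blog/ransomware-groups-use-tor-based-backdoor-for-persistent-access},
  urldate      = {2021-05-26},
  language     = {English},
}
Ransomware Groups Use Tor-Based Backdoor for Persistent Access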
DarkSide Snatch GOLD WATERFALL
2021-05-12SecurityScorecardRyan Sherstobitoff
% SecurityScorecard attribution assessment for the Colonial Pipeline ransomware attack (per title).
@online{sherstobitoff:20210512:new:06b17ad,
  author       = {Sherstobitoff, Ryan},
  title        = {{New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack; Others Targeted}},
  date         = {2021-05-12},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.com/blog/new-evidence-supports-assessment-that-darkside-likely-responsible-for-colonial-pipeline-ransomware-attack-others-targeted},
  urldate      = {2021-05-17},
  language     = {English},
}
New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack; Others Targeted
DarkSide DarkSide
2021-05-01Twitter (@JAMESWT_MHT)JamesWT
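% Underscore in the account handle escaped; unescaped it is a math-mode character in the organization text and stops the LaTeX run.
@online{jameswt:20210501:linux:150fb0f,
  author       = {JamesWT},
  title        = {{Tweet on linux version of DarkSide ransomware}},
  date         = {2021-05-01},
  organization = {Twitter (@JAMESWT\_MHT)},
  url          = {https://twitter.com/JAMESWT_MHT/status/1388301138437578757},
  urldate      = {2021-05-13},
  language     = {English},
}
Tweet on linux version of DarkSide ransomware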
DarkSide DarkSide
2021-03-09Youtube (SANS Digital Forensics and Incident Response)Eric Loui, Sergei Frankoff
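% Both ampersands in the title escaped; a bare one in a text field is an alignment character and stops the LaTeX run.
@online{loui:20210309:jackpotting:1dcc95b,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {{Jackpotting ESXi Servers For Maximum Encryption | Eric Loui \& Sergei Frankoff | SANS CTI Summit 2021}},
  date         = {2021-03-09},
  organization = {Youtube (SANS Digital Forensics and Incident Response)},
  url          = {https://www.youtube.com/watch?v=qxPXxWMI2i4},
  urldate      = {2021-05-31},
  language     = {English},
}
Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021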
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT
2021-02-26CrowdStrikeEric Loui, Sergei Frankoff
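% Campaign-tracking query parameters (utm_*) dropped so the citation points at the canonical address, the one also listed under loui:2021:hypervisor:ade976a.
% Both keys describe the same post (same title, authors and URL path); candidate for merging.
@online{loui:20210226:hypervisor:8dadf9c,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {{Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact}},
  date         = {2021-02-26},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/},
  urldate      = {2021-05-26},
  language     = {English},
}
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact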
DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil
2021CrowdStrikeEric Loui, Sergei Frankoff
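% Same post as loui:20210226:hypervisor:8dadf9c (identical title, authors and URL path), so the year-only date is completed from that entry.
% The key is left unchanged so existing citations keep resolving; candidate for merging with the dated entry.
@online{loui:2021:hypervisor:ade976a,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {{Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact}},
  date         = {2021-02-26},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/},
  urldate      = {2021-05-31},
  language     = {English},
}
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact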
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT
2020-09-29PWC UKAndy Auld
% PwC UK overview of the rise in ransomware attacks during 2020; the page tags it with many families besides DarkSide.
@online{auld:20200929:whats:2782a62,
  author       = {Auld, Andy},
  title        = {{What's behind the increase in ransomware attacks this year?}},
  date         = {2020-09-29},
  organization = {PWC UK},
  url          = {https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html},
  urldate      = {2021-05-25},
  language     = {English},
}
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Ransomware Clop Conti Ransomware DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG Ransomware SunCrypt TrickBot WastedLocker
2020-05-29The New York TimesAndrew E. Kramer, Michael Schwirtz, Anton Troianovski
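% Date corrected from 2020-05-29: the URL path carries 2021/05/29, so the year in the original record was off by one.
% The key still embeds 20200529 and is left unchanged so existing citations keep resolving.
@online{kramer:20200529:secret:f7c5498,
  author       = {Kramer, Andrew E. and Schwirtz, Michael and Troianovski, Anton},
  title        = {{Secret Chats Show How Cybergang Became a Ransomware Powerhouse}},
  date         = {2021-05-29},
  organization = {The New York Times},
  url          = {https://www.nytimes.com/2021/05/29/world/europe/ransomware-russia-darkside.html},
  urldate      = {2021-06-09},
  language     = {English},
}
Secret Chats Show How Cybergang Became a Ransomware Powerhouse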
DarkSide
2020-05-28CrowdStrikeThe Crowdstrike Intel Team
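% Date corrected from 2020-05-28: the post covers reactions to the pipeline attack, which the other references on this page place in May 2021. Confirm the exact day against the source.
% Team author double-braced so it is treated as one name; the key is left unchanged so existing citations keep resolving.
@online{team:20200528:darkside:d2622a9,
  author       = {{The Crowdstrike Intel Team}},
  title        = {{DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape}},
  date         = {2021-05-28},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-ransomware-adversaries-reacted-to-the-darkside-pipeline-attack/},
  urldate      = {2021-06-09},
  language     = {English},
}
DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape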
DarkSide DarkSide
2020-05-26DataBreaches.netDissent
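% Date corrected from 2020-05-26: a "former" DarkSide listing presupposes the shutdown that the other references on this page date to mid-May 2021. Confirm the exact day against the source.
% The key is left unchanged so existing citations keep resolving.
@online{dissent:20200526:former:dcfe145,
  author       = {Dissent},
  title        = {{A former DarkSide listing shows up on REvil’s leak site}},
  date         = {2021-05-26},
  organization = {DataBreaches.net},
  url          = {https://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/},
  urldate      = {2021-06-09},
  language     = {English},
}
A former DarkSide listing shows up on REvil’s leak site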
DarkSide REvil
2020-05-18CrowdStrikeKaran Sood, Shaun Hurley, Liviu Arsene
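% Date corrected from 2020-05-18: the title refers to DarkSide going dark, which the other references on this page date to 2021-05-14. Confirm the exact day against the source.
% The key is left unchanged so existing citations keep resolving.
@online{sood:20200518:darkside:a32cfcd,
  author       = {Sood, Karan and Hurley, Shaun and Arsene, Liviu},
  title        = {{DarkSide Goes Dark: How CrowdStrike Falcon Customers Were Protected}},
  date         = {2021-05-18},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-protects-from-darkside-ransomware/},
  urldate      = {2021-06-09},
  language     = {English},
}
DarkSide Goes Dark: How CrowdStrike Falcon Customers Were Protected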
DarkSide DarkSide

There is no Yara-Signature yet.