The Darkside Ransomware Group Is the Dangerous Poster Child for Today’s Ransomware-as-a-Service



Darkside Ransomware GroupLooking beyond the “older” RaaS threat groups like Ryuk, DoppelPaymer, and Revil, today’s modern ransomware-as-a-service operator is far more business-like and specific in execution.

This now nearly 5-year old cyberthreat model empowers just about anyone wanting to be a would-be cyber-thug to jump in and use some very powerful and sophisticated tools to accomplish what only those with extensive development backgrounds could achieve. Most news stories focus on the more “successful” ransomware families, but a new article from cybersecurity vendor Avast showcases Darkside (a spinoff of Revil from back in 2020) – and it’s worth a read.

The newest trend in ransomware attacks is specificity; industry verticals, business sizes, victim titles and roles, social engineering themes and TTPs – and Darkside as them all.

According to Avast, Darkside is a great representation of the modern ransomware threat group:

  • They refine their victim target list, looking for the greatest ability to pay large ransoms
  • They do a ton of diligence on who to target and customize delivery for each attack
  • Their approach to operations is far more corporate-like than a bunch of developers that built some affiliate-friendly ransomware and posted it to the dark web

The fact that a cybercriminal organization like this exists is troubling; the more organized the bad guys get, the more likely their chances of successfully attacking your organization. And with the added “as a service” factor, this concern should be multiplied ten-fold.

Remember, one of the most effective ways to thwart ransomware attacks using phishing as the initial attack vector is through Security Awareness Training which empowers users to identify suspicious email content before interacting with it, stopping the attack in its tracks.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews