BlackBerry ThreatVector Blog

BlackBerry Prevents DarkSide Ransomware — Years Before It Ever Existed

What is DarkSide?

DarkSide is a newer ransomware-as-a-service (RaaS) product that offers its malware for download on the dark web. Like many other RaaS vendors, DarkSide lets its customers download the malware, attack victims to extort money and exfiltrate files, and then share the proceeds with the malware creators.

RaaS and other malware-as-a-service (MaaS) vendors allow anyone to become a threat actor by offering the malware for download after signing up. This makes these services extremely dangerous for organizations around the world, as traditional security companies are required to build defenses against hundreds if not thousands of different actors who attack with variants of the original malware.

Some RaaS services offer a very low barrier to entry, offering their malware for free in exchange for a share of the paid ransoms. Other RaaS vendors require some upfront payment to download the malware, but usually do not share in any profit from ransoms paid.

The FBI has been actively tracking DarkSide since it was first discovered in October 2020. The attack often occurs in two phases: after gaining access to the network, threat actors first exfiltrate as much data as they can, and then encrypt the drives.

Exfiltrating the victim’s data gives the attackers, as with any good business model, multiple paths to revenue. They can threaten to release the victim’s sensitive data publicly while still controlling the victim’s computers, keeping the victim from being productive.

Does BlackBerry Prevent DarkSide Ransomware?

Yes. The BlackBerry Threat Research team has tested all known variants and confirmed they were successfully prevented by the current version of BlackBerry® Protect. We prevented the execution of the files using our AI engine without any updates or Internet connectivity. In fact, many of the known variants were prevented with a version of BlackBerry Protect from 2015!

Figure 1: BlackBerry Protect blocking DarkSide samples with our 2015 version, offline.

BlackBerry’s philosophy is different from much of the industry.

We do not believe that our customers should have to suffer the effects of cyberattacks. We do not believe that there need to be victims.

Endpoint detection and response (EDR) focused solutions take action too late and do not prevent breaches. Prevention is our strategy.

Prevention IS possible; ask BlackBerry to show you how.

BlackBerry may provide further updates as our investigation progresses and more details become available.

BlackBerry Assistance

If you’re battling this or a similar threat, you’ve come to the right place, regardless of your existing BlackBerry relationship.

The BlackBerry Incident Response team is made up of world-class consultants dedicated to handling response and containment services for a wide range of incidents, including ransomware and Advanced Persistent Threat (APT) cases.

We have a global consulting team standing by to assist you, providing around-the-clock support where required, as well as local assistance. Please contact us here: https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment.

The BlackBerry Research and Intelligence Team

About The BlackBerry Research and Intelligence Team

The BlackBerry Research and Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.