What is DarkSide?
DarkSide is a newer ransomware-as-a-service (RaaS) product that offers its malware for download on the dark web. Like many other RaaS vendors, DarkSide lets its customers download the malware, attack victims to extort money and exfiltrate files, and then share the proceeds with the malware's creators.
RaaS and other malware-as-a-service (MaaS) vendors allow anyone to become a threat actor by offering their malware for download to anyone who signs up. This makes these services extremely dangerous for organizations around the world, as traditional security companies are required to build defenses against hundreds, if not thousands, of different actors who attack with variants of the original malware.
Some RaaS services offer a very low barrier to entry, providing their malware for free in exchange for a share of the paid ransoms. Other RaaS vendors require some upfront payment to download the malware but usually do not share in any profit from ransoms paid.
The FBI has been actively tracking DarkSide since it was first discovered in October 2020. The attack often occurs in two phases: after gaining access to the network, threat actors first exfiltrate as much data as they can, and then encrypt the drives.
As with any good business model, exfiltrating the victim’s data gives the attackers multiple paths to revenue. They can threaten to release the victim’s sensitive data publicly and still control the victim’s computers, keeping the victim from being productive.
Does BlackBerry Prevent DarkSide Ransomware?
Yes. The BlackBerry Threat Research team has tested all known variants and confirmed they were successfully prevented by the current version of BlackBerry® Protect. We prevented the execution of the files using our AI engine without any updates or Internet connectivity. In fact, many of the known variants were prevented with a version of BlackBerry Protect from 2015!