Romanian cybersecurity company Bitdefender released a free decryptor on January 11th that can help victims of DarkSide ransomware recover their encrypted files without having to pay the ransom demanded by the gang. The decryptor, which is currently available for download on the Bitdefender site along with instructions for use, is a source of optimism for companies whose important files have been encrypted by one of the most advanced ransomware operations active in cyberspace today.
DarkSide is a ransomware operation that has already made millions since August 2020, when it started targeting businesses. The operation saw increased activity between October and December 2020, when the number of DarkSide samples on the ID-Ransomware platform more than doubled.
The group uses an established Ransomware-as-a-Service (RaaS) model to work with other criminal groups. These groups apply for DarkSide RaaS and receive a fully functional version of the ransomware. They then breach companies using methods of their own choosing, install the ransomware and demand huge ransoms from the victims. Specifically, ransom demands range from $200,000 to $2,000,000, depending on the size of the breaches.
According to ZDNet, this is not a new modus operandi. This is so-called "big game hunting", in which ransomware gangs mostly target high-profile companies rather than individual home users, aiming to make as much profit as possible.
In cases where victims refused to pay the ransom, DarkSide operators leaked documents they had stolen from the victim's network on a data leak site, as a form of punishment and as a warning to other victims who may wish to restore their data from backups instead of paying the ransom.
While DarkSide has been posting the names and details of new victims on its site for about a year, the team is believed to be still active.
According to MalwareHunter, the most recent activity from the team is an update to its site from last week, in which DarkSide operators added a new section dedicated to journalists, where journalists can register and contact the DarkSide gang.
Although most DarkSide victims have paid a ransom or restored files from backups over the past months, the DarkSide decryptor is not useless, for the following reasons:
- It helps companies recover important files that were encrypted months ago and could not be retrieved but are still stored on backup drives.
- It raises operating costs for the DarkSide gang, which will now have to rework its file encryption code to prevent free decryption.
- It deals a major blow to DarkSide RaaS. Many ransomware operations have shut down in the past after the release of a free decryptor, as most of their customers abandoned them for competitors that "cannot be decrypted".
As for the victims, the free decryptor released by Bitdefender should, in theory, work for all recent versions of DarkSide ransomware, regardless of the file extension that the hackers appended to each encrypted file. This extension is unique per victim, as it is calculated from local characteristics, but this is not a problem.