The ‘DarkSide’ Operators Respond to the Release of a Decryptor

  • BitDefender’s DarkSide decryptor hasn’t done much damage to the RaaS program, according to the operators.
  • The group has given new incentives to join the platform and saw a 20% rise in membership in just two days.
  • BitDefender could have chosen a better time for the decryptor’s release, as it has now saved only three firms.

Last week, BitDefender released a working decryptor for the DarkSide group’s ransomware, giving victims a way to unlock their files for free. Being a new and “hopeful” RaaS (ransomware as a service), DarkSide had to provide an official response to the situation, or the underground cyber-crime community could lose faith and not use the platform anymore.

Dark web intelligence firm KELA tipped us off about a relevant Q&A that was released by ‘DarkSide’ over the weekend, giving some explanations about the situation – and most importantly, providing some unexpected assurances.

Source: KELA

First of all, the ransomware actors do not believe that the decryptor’s release will affect subsequent payments because all new targets will be victimized using unique keys, and BitDefender’s tool won’t be able to help them. Also, the chances of an update to the current decryptor that would enable it to unlock subsequent infections are slim. As the announcement explains, the ransomware authors don’t use pseudo-random number generators but the FIPS 140-2 cryptographic standard, which is a U.S. government standard for validating cryptographic modules.

All that said, only existing infections are affected by BitDefender’s decryptor, and DarkSide claims that the number of targets who can benefit from it is just “four.” One of them already paid the ransom, so in reality, it’s just three companies. For these three, the directly affected partners will be fully compensated from DarkSide’s deposit in the next 10 days.

This is a move to help establish a higher level of trust between the operators of the RaaS program and the partners. In this context, the operators declared a plan to increase the deposit amount in the following two months to cover any potential problems in the future. In addition to all of the above, existing partners will get to keep the full amounts of any paid ransoms for the next three weeks, while new registrants will enjoy a cut of 90% for the first two weeks.

Finally, DarkSide mocks BitDefender for choosing a very bad time to release the decryptor as the New Year holidays are when everyone is taking a break, including ransomware actors. Thus, there were no significant attacks and no opportunities to help high-profile victims. In fact, DarkSide claims that the publicity from the release of the decryptor actually brought many new partners aboard (20% increase) in just 48 hours, further strengthening the platform.
