DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices. Access needs to be gained before the ransomware is distributed.
As part of this arrangement, the DarkSide ransomware developers receive a 10-25% cut, and an affiliate gets 75-90% of any ransom payments they generate.
Distributed storage system to leak data
DarkSide has stated that they are working on a distributed storage system to store and leak victims’ stolen data. Following double-extortion techniques is a well-known strategy.
To disrupt these extortion demands, law enforcement and cybersecurity firms actively try to take down these data leak sites. DarkSide states that they plan to create a distributed “sustainable storage system” in Iran to host the victim’s stolen data for six months.
“Some targets think that if a lot of data has been downloaded from them, then after their publication, hackers and other people will download it for a long time through the TOR. We think so too, so we will change it.” A sustainable server means the data will be replicated between servers with a retention of 6 months.
The DarkSide operation announced that they were looking for new Russian affiliates to join their program, who they claim earn an average of $400k per victim.
Unlike other ransomware operations, such as Ryuk, Egregor, and others, DarkSide states that they do not allow attacks on:
It is too soon to tell if DarkSide will keep its promises about not targeting these organizations.