
Darkside | RaaS

The Darkside ransomware group started its operation in August 2020 under the RaaS (Ransomware-as-a-Service) model. It became known for demanding very large ransoms. The group announced that it prefers not to attack hospitals, schools, non-profits, and governments, targeting instead large organizations able to pay large ransoms. Darkside became widely known following the cyberattacks on Colonial Pipeline and a Toshiba unit. The FBI eventually shut down the Darkside operation and managed to recover money from the group's wallets.

  • Victims: 10
  • First Discovered (victim): 2020-08-01
  • Last Discovered (victim): 2021-05-13
  • Inactive Since: more than 5yrs
  • Avg Delay (attack→claim): N/A
  • Infostealer: 0.0% of victims with domain
  • Countries hit: 5

Known Locations (1)
  • FQDN: darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion
  • Available: No
  • Last Visit: 2026-04-28T07:23:34
  • Title / Type / Server Info: not recorded

Target
Top 5 Activity Sectors
  • Manufacturing 2
  • Transportation/Logistics 2
  • Consumer Services 2
  • Business Services 1
  • Energy 1
Top 5 Countries
  • Canada (CA) 2
  • United Kingdom (GB) 1
  • United States (US) 1
  • Brazil (BR) 1
  • Italy (IT) 1

Heatmap

Ransom Notes (1)

Tools Used
This information is provided by Ransomware-Tool-Matrix
  • Discovery: ADRecon, AdFind, Advanced IP Scanner, SoftPerfect NetScan
  • RMM Tools: AnyDesk, GoToAssist, TightVNC
  • Defense Evasion: none listed
  • Credential Theft: Mimikatz, SessionGopher
  • OffSec: Cobalt Strike, CrackMapExec, Impacket, PowerSploit
  • Networking: Plink
  • LOLBAS: PsExec
  • Exfiltration: Bashupload, MEGA, RClone, Sendspace, pCloud

TTPs Matrix (11)
This information is provided by Crocodyli & Ransomware.live
  • Initial Access: Valid Accounts; Exploit Public-Facing Application
  • Execution: Windows Management Instrumentation; Command and Scripting Interpreter: PowerShell
  • Privilege Escalation: Exploitation for Privilege Escalation
  • Defense Evasion: Obfuscated Files or Information; Disable or Modify Tools
  • Credential Access: OS Credential Dumping: LSASS Memory; OS Credential Dumping: NTDS
  • Discovery: Network Service Discovery; Domain Trust Discovery
  • Lateral Movement: Remote Services: Remote Desktop Protocol; Remote Services: SMB/Windows Admin Shares
  • Collection: Archive Collected Data: Archive via Utility
  • Exfiltration: Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • Command and Control: Application Layer Protocol: Web Protocols; Remote Access Software
  • Impact: Data Encrypted for Impact; Service Stop; Inhibit System Recovery

Negotiation Chats (5)
  • 2020-08-11: 85 msgs
  • 2020-11-15: 243 msgs
  • 2021-02-15: 24 msgs
  • 2021-04-13: 63 msgs
  • 2021-04-18: 10 msgs

YARA Rules (1)

Victims (10)
  • Discovered: 2021-05-13 (5y ago); no description available
  • Discovered: 2021-05-07 (5y ago); no description available
  • Discovered: 2021-05-01 (5y ago); no description available
  • Discovered: 2021-02-27 (5y ago); no description available
  • Discovered: 2021-02-01 (5y ago); no description available
  • Discovered: 2021-02-01 (5y ago); no description available
  • Discovered: 2021-02-01 (5y ago); no description available
  • Discovered: 2021-02-01 (5y ago); no description available
  • Discovered: 2021-02-01 (5y ago); no description available
  • Discovered: 2020-08-01 (5y ago); no description available