For six months, DarkSide partners will be able to store stolen data in distributed storage.
Operators of ransomware DarkSide, a ransomware-as-a-service (RaaS) business model, have advertised a distributed storage facility in Iran for data stolen from organizations in cyberattacks. If successful, this practice could be adopted by other ransomware operators. In this case, organizations will face a serious problem, since this will significantly complicate the task of security officers to prevent the publication of stolen corporate information.
"Such servers in Iran and other countries are more difficult to locate, block and seize due to lack of cooperation from local law enforcement agencies," Victoria Kivilevich, an analyst at the Israeli information security company KELA, explained to DarkReading, which discovered the new criminal scheme.
At the same time, storing stolen data in a distributed system will make it easier for cybercriminals to access the data compared to downloading files through Tor, as is usually done now.
“Overall, this move shows that ransomware developers are stepping up efforts to scale their operations and build a complex ecosystem designed to inflict significant damage to victims,” Kivilevich said.
Security researchers from KELA discovered two recent announcements on the DarkSide operators' blog. In its first announcement on November 11, the group announced its intention to create a distributed storage system that its partners (or so-called affiliates) could use to store stolen data from victims. Advertising guarantees partners that the stolen data will be stored for at least six months.
“We are already working on a sustainable storage system for your data. All your data will be replicated between several servers, and blocking one server will not delete the data, ”the cybercriminals said.
However, in a follow-up November 15 report from DarkSide operators, the group admitted that it may not have fully thought through its plans to store the stolen data on servers in Iran. The Office of Foreign Assets Control of the US Treasury Department has made it clear that victims of ransomware in the United States may face legal problems if they pay ransoms to criminal groups associated with organizations or countries (including Iran) on US sanctions lists.
As the operators of DarkSide explained in the second post, the stolen data is not currently stored on any servers in Iran. According to them, the information stolen from the victims of the ransomware will not be stored in countries included in the US government's sanctions list. “Therefore, do not worry, we are not on the sanctions lists and are not citizens of Iran,” the message says.
__________________
Operators of ransomware DarkSide, a ransomware-as-a-service (RaaS) business model, have advertised a distributed storage facility in Iran for data stolen from organizations in cyberattacks. If successful, this practice could be adopted by other ransomware operators. In this case, organizations will face a serious problem, since this will significantly complicate the task of security officers to prevent the publication of stolen corporate information.
"Such servers in Iran and other countries are more difficult to locate, block and seize due to lack of cooperation from local law enforcement agencies," Victoria Kivilevich, an analyst at the Israeli information security company KELA, explained to DarkReading, which discovered the new criminal scheme.
At the same time, storing stolen data in a distributed system will make it easier for cybercriminals to access the data compared to downloading files through Tor, as is usually done now.
“Overall, this move shows that ransomware developers are stepping up efforts to scale their operations and build a complex ecosystem designed to inflict significant damage to victims,” Kivilevich said.
Security researchers from KELA discovered two recent announcements on the DarkSide operators' blog. In its first announcement on November 11, the group announced its intention to create a distributed storage system that its partners (or so-called affiliates) could use to store stolen data from victims. Advertising guarantees partners that the stolen data will be stored for at least six months.
“We are already working on a sustainable storage system for your data. All your data will be replicated between several servers, and blocking one server will not delete the data, ”the cybercriminals said.
However, in a follow-up November 15 report from DarkSide operators, the group admitted that it may not have fully thought through its plans to store the stolen data on servers in Iran. The Office of Foreign Assets Control of the US Treasury Department has made it clear that victims of ransomware in the United States may face legal problems if they pay ransoms to criminal groups associated with organizations or countries (including Iran) on US sanctions lists.
As the operators of DarkSide explained in the second post, the stolen data is not currently stored on any servers in Iran. According to them, the information stolen from the victims of the ransomware will not be stored in countries included in the US government's sanctions list. “Therefore, do not worry, we are not on the sanctions lists and are not citizens of Iran,” the message says.
__________________