Bitdefender announced yesterday a free tool that can help victims of the Darkside ransomware recover their encrypted files for free, without paying a ransom.
The tool, which can be downloaded from the Bitdefender site along with instructions for use, gives hope to companies whose important files have been locked by one of the most sophisticated ransomware strains currently in circulation.
The Darkside group, which was first noticed in August last year, is still active on forums where cybercriminals gather and where its ads appear.
The group's business model, "ransomware as a service" (RaaS), involves partnering with other criminal groups. Groups that sign up for Darkside RaaS get a fully functional version of the Darkside ransomware, use their own methods to hack companies and install the ransomware, and then demand huge sums from the victims, of several hundred thousand or millions of US dollars.
This way of working is not new and is known as “hunting for big players” because criminal groups are focused on companies and not on home users, and therefore hope for higher earnings.
In situations where victims are reluctant to pay, the Darkside group publishes documents it stole from the company on a dedicated site, as a form of punishment and a warning to other victims who may want to restore their encrypted files from backups instead of paying.
Although Darkside has not posted the names and details of the new victims on its website for several weeks, it is believed that the group is still active.
As MalwareHunter reported, the group is still active, as evidenced by the update of its site last week when criminals added a new section on the site intended for journalists, where journalists can get in direct contact with members of the group.
Although most of the victims paid the ransom, the tool released by Bitdefender should help companies that have not done so to recover important documents that have been locked for months and that they have been unable to restore from backups.
The tool, on the other hand, also means new costs for the Darkside group, which will now have to work on their ransomware code to prevent free decryption.
Third, the tool is bad for the reputation of Darkside RaaS. Many ransomware strains have been abandoned in the past after the release of a free decryption tool, as most ransomware buyers turned to new ransomware that cannot be decrypted.
As for the victims themselves, the good news is that the free tool released by Bitdefender should, in theory, work for all the latest versions of the Darkside ransomware, regardless of the extension that the fraudsters add to the end of each encrypted file. That extension is unique to each victim because it is derived from local characteristics. Bitdefender says that should not be a problem.
*The article has been translated based on the content of Informacija.rs by www.informacija.rs.