If you see this ransomware note below, then you are hit by Darkside Ransomware.
In this page we will explain to you what has happened and how you can decrypt your files from Darkside Ransomware.
What is Darkside Ransomware?
A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts.
Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies.
DarkSide states that they only target companies that can pay the specified ransom as they do not “want to kill your business.”
The threat actors have also stated that they do not target the following types of organizations.
- Medicine (hospitals, hospices).
- Education (schools, universities).
- Non-profit organizations.
- Government sector.
It is too soon to tell if they will honor this statement.
From victims seen by BleepingComputer, DarkSide’s ransom demands range from $200,000 to $2,000,000. These numbers can likely be more or less depending on the victim.
Is there any decryption for Darkside Ransomware?
No. You need to be careful though because Darkside can cause more trouble to your network that you already have.
You can use our Fast Forensics services so we can help you limit the damage caused and check if we can decrypt some files.
Darkside Ransomware Note
Ransom Note: README.asda34wq.TXT
———– [ Welcome to DarkSide ] ————->
What happend?
———————————————-
Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data.
But you can restore everything by purchasing a special program from us – universal decryptor. This program will restore all your network.
Follow our instructions below and you will recover all your data.
We downloaded a lot of interesting data from your network.
If you need proofs, we are ready to give it.
The data is preloaded and will be automatically published if you don’t pay.
Your data will be available after automatic publication for free downloading at least 6 months at our tor cdn servers.
If within 3 days you don’t contact with us, we will send press-releases about this accident to major media outlets, after another 3 days after sending press-releases we will start to upload your private data.
Here is the list of information that we copied from your network:
Passports and visas from:
DOCUMENTS
VISAS
USER LIST
We paid a lot of attention to the personal data of employees as well as the drawings of your projects
You must understand that if information about your developments gets publicly available:
1) your clients data can be used by criminals
2) your clients will fill lawsuit against you
3) government regulators will fine you for data breach, if you have in clients at least one EU resident then you will be also fined by EU government by GDPR law with millions of dollars of fine or permit ban for working with EU citizents. US has the similar laws, but they are not so costly, however the total cost will exceed the asked amount from you, so our offer is the best deal for you to resolve this issue.
What guarantees?
———————————————-
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.
We guarantee to decrypt one file for free. Go to the site and contact us.
How to get access on website?
———————————————-
Using a TOR browser:
1) Download and install TOR browser from this site: https://torproject.org/
2) Open our website: http://darksidfqzcuhtk2.onion/ K71D6P88YTX04R3ISCJZHMD5IASDFV9247QHJY0HJYUXX68H2P05XPRIR5SP2U68
When you open our website, put the following data in the input form:
Key:
jdahflakjhsdfjahwoieuroqiwcmvzxndk;liuhqa;nrgfa,ndv,zmxngf;ashrtg;iahs;lgna,lmnv.al,kfng;langl
!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
!!! DANGER !!!
Darkside Characteristics
| Name | DarkSide virus |
| Threat Type | Ransomware, Crypto Virus, Files locker |
| Encrypted Files Extension | Victim’s ID |
| Ransom Demanding Message | README.[victim’s_ID].TXT, Tor website |
| Ransom Amount | 194 BTC (+10%)/388 BTC (+10%) or 23220.713 XMR/46441.426 XMR |
| Cyber Criminal Contact | Tor website |
| Detection Names | Avast (Win32:Malware-gen), BitDefender (Gen:Trojan.Heur.RP.bmGfbKkIF@n), Emsisoft (Gen:Trojan.Heur.RP.bmGfbKkIF@n (B)), Kaspersky (Trojan-Ransom.Win32.Gen.xyl), Full List Of Detections (VirusTotal) |
| Symptoms | Cannot open files stored on your computer, previously functional files now have a different extension (for example, my.docx.locked). A ransom demand message is displayed on your desktop. Cyber criminals demand payment of a ransom (usually in bitcoins) to unlock your files. |
| Additional Information | This ransomware may be used to target large companies, organizations |
| Distribution methods | Infected email attachments (macros), torrent websites, malicious ads. |
| Damage | All files are encrypted and cannot be opened without paying a ransom. Additional password-stealing trojans and malware infections can be installed together with a ransomware infection. |
Darkside Data Leak
DarkSide states that if a victim does not pay, they will publish all of the data on their website for at least six months.
This extortion strategy is designed to scare a victim into paying the ransom even if they can recover from backups.
If a victim pays the ransom, DarkSide states that they will remove the stolen data from their leak site.
For the victim that had paid the ransom, their data has already been removed from the site.
What shall i do if i am infected by Darkside Ransomware?
Contact us immediately for advice and decryption services.