← Back to Ransomware Tracker

Darkside

Inactive
Darkside ransomware group has started its operation in August of 2020 with the model of RaaS (Ransomware-as-a-Service). They have become known for their operations of large ransoms scale. They have announced that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can be able to pay large ransoms. Darkside ransomware group became very famous following the cyberattack of the Colonial Pipeline and Toshiba unit. The FBI finally terminate the Darkside operation and Managed to pull money from their wallets back.
10 Victims
Aug 1, 2020 First Discovered
May 13, 2021 Last Discovered
1771 Days Inactive
0% Infostealer
0/1 Sites Online
Top Countries
CA 2
GB 1
US 1
IT 1
BR 1
Top Sectors
Commercial Facilities 3
Transportation Systems 2
Financial 1
Critical Manufacturing 1
Information Technology 1
Food and Agriculture 1
Energy 1
Known Locations (1)
darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion
Tools Used
Exfiltration
Bashupload, MEGA, pCloud, RClone, Sendspace
RMM-Tools
AnyDesk, GoToAssist, TightVNC
DiscoveryEnum
ADRecon, AdFind, Advanced IP Scanner, SoftPerfect NetScan
Networking
Plink
CredentialTheft
Mimikatz, SessionGopher
Offsec
Cobalt Strike, CrackMapExec, Impacket, PowerSploit
DefenseEvasion
LOLBAS
PsExec
Intelligence
5 Negotiation Chats
📄 1 Ransom Notes
View the actual ransom notes used by this group
Victims (10)
One Call (insurance)
GB Financial Discovered: May 13, 2021 · Attack est.: May 13, 2021
Colonial Pipeline
US Transportation Systems Discovered: May 7, 2021 · Attack est.: May 7, 2021
Toshiba Tec Group
Critical Manufacturing Discovered: May 1, 2021 · Attack est.: May 1, 2021
Compucom (MSP)
Information Technology Discovered: Feb 27, 2021 · Attack est.: Feb 27, 2021
Discount Car and Truck Rentals
CA Transportation Systems Discovered: Feb 1, 2021 · Attack est.: Feb 1, 2021
Segafredo Zanetti
IT Food and Agriculture Discovered: Feb 1, 2021 · Attack est.: Feb 1, 2021
Companhia Paranaense de Energia (Copel)
BR Energy Discovered: Feb 1, 2021 · Attack est.: Feb 1, 2021
Home Hardware Stores Ltd
CA Commercial Facilities Discovered: Feb 1, 2021 · Attack est.: Feb 1, 2021
Guess
Commercial Facilities Discovered: Feb 1, 2021 · Attack est.: Feb 1, 2021
Brookfield Residential (land developer and home builder)
Commercial Facilities Discovered: Aug 1, 2020 · Attack est.: Aug 1, 2020
Source: Ransomware.live | Data cached and served by Digital Checkmark IT Services | Ransomware Tracker