DarkSide Defunct

Responsible for the Colonial Pipeline attack. Shut down after intense law enforcement pressure. Rebranded as BlackMatter.
PDF Report Back to Groups
108
Total Victims
2020-08-01
First Seen
2021-04-28
Last Seen
0
Known TTPs
17.1d
Avg Delay
0
Negotiations
ONION URLS
darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion
TOOLS
PowerShell Empire nltest IcedID
FILE EXTENSIONS
.pwned
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2021-04-28 InnovativeDental United Kingdom Automotive Removed
2021-04-28 Cross Dental Inc. United Kingdom Telecommunications Removed
2021-04-26 Navigator IT Inc. Netherlands Financial Services Removed
2021-04-25 Allied Sports Inc. United States Healthcare Published
2021-04-25 Pine & Central Place United States Technology Published
2021-04-25 Royal Star Philippines Government Removed
2021-04-24 Magna Supply Inc. Singapore Non-Profit Removed
2021-04-22 Apex Enterprises Ltd Italy Government Published
2021-04-21 Innovative Insurance Inc. United Kingdom Education Published
2021-04-18 Eagle Consulting Canada Government Published
2021-04-14 Vanguard Life Ltd Japan Technology Published
2021-04-11 White Tools United Kingdom Technology Published
2021-04-10 Grand Water United States Manufacturing Published
2021-04-04 Global Comm Inc. Mexico Energy Published
2021-04-04 Sky Force Ltd Bulgaria Financial Services Published
2021-04-02 Harbor Bridge Ltd Chile Education Published
2021-04-01 Superior & Summit Logistics United Kingdom Healthcare Published
2021-03-25 Mid Dynamics Ltd India Professional Services Published
2021-03-24 Magna Electronics LLC United States Government Removed
2021-03-24 Sterling Materials GmbH Brazil Construction Removed
2021-03-15 EmpireEnterprises Germany Manufacturing Published
2021-03-07 FederalDefense Israel Energy Published
2021-03-06 Zenith Place United States Financial Services Published
2021-03-06 Noble Mechanical Inc. Guatemala Technology Published
2021-03-02 Innovative Robotics Ltd United Kingdom Retail Published
2021-02-26 Golden Solutions Ltd Australia Education Removed
2021-02-25 Core & Tower Security India Professional Services Published
2021-02-24 North Metals Ltd Switzerland Energy Published
2021-02-23 City Mobile GmbH Canada Energy Published
2021-02-22 Patriot Manufacturing LLC India Mining Published
2021-02-18 Lighthouse & New Freight Venezuela, Bolivarian Republic of Financial Services Removed
2021-02-18 Liberty Robotics GmbH Hungary Manufacturing Published
2021-02-14 PineRail Germany Technology Removed
2021-02-12 First & Oak Mobile Portugal Real Estate Published
2021-02-08 Legacy Materials Ltd United Arab Emirates Professional Services Published
2021-02-02 WesternWare United States Food & Beverage Published
2021-01-28 CrownHealth France Healthcare Published
2021-01-26 Integral Land LLC Portugal Mining Published
2021-01-21 RidgeInfo South Africa Construction Published
2021-01-20 Bayerische Landesbank Germany Financial Services Published
2021-01-18 Quest Data Ltd United States Manufacturing Removed
2021-01-18 WhitePharma Türkiye Legal Published
2021-01-14 Smart & New Packaging New Zealand Telecommunications Removed
2021-01-13 Nova Labs Canada Pharmaceuticals Published
2021-01-12 MapleEnergy Germany Manufacturing Published
2021-01-09 Red Design Inc. Türkiye Education Published
2021-01-09 Mid Health GmbH Mexico Legal Removed
2021-01-06 Crown Manufacturing Ltd Taiwan, Province of China Healthcare Published
2021-01-05 Apex Point GmbH United States Government Published
2021-01-04 South Security Inc. Netherlands Construction Removed
2021-01-01 Tri & Innovative Products Germany Real Estate Removed
2020-12-28 Red Water Inc. Czechia Insurance Published
2020-12-27 Liberty Mobile LLC Lithuania Utilities Removed
2020-12-21 TitanChem Venezuela, Bolivarian Republic of Government Published
2020-12-19 Capital & Rapid Media United States Professional Services Removed
2020-12-15 Titan Force Inc. India Education Removed
2020-12-06 Pacific Products Inc. United States Insurance Published
2020-12-04 Strategic Cloud Ltd Indonesia Technology Published
2020-12-02 Highland Energy LLC United States Construction Published
2020-11-28 Northwest Works Portugal Retail Negotiating
2020-11-28 Elite Foods LLC United States Energy Published
2020-11-22 Universal Networks LLC Indonesia Hospitality Published
2020-11-22 Empire Telecom GmbH Canada Healthcare Published
2020-11-21 Modern & Innovative Corp United States Healthcare Published
2020-11-19 Sterling Industries GmbH Luxembourg Construction Published
2020-11-18 Royal Connect Inc. Italy Financial Services Negotiating
2020-11-16 PrimeComm Indonesia Financial Services Published
2020-11-14 Guardian Labs Austria Construction Published
2020-11-08 Horizon Technologies GmbH Germany Manufacturing Removed
2020-11-02 Lighthouse Corp LLC Saudi Arabia Transportation Removed
2020-11-02 Cross Guard GmbH Netherlands Construction Published
2020-10-28 Legacy Bridge Inc. France Telecommunications Published
2020-10-26 SouthTech Canada Education Published
2020-10-26 AtlasManagement Canada Professional Services Negotiating
2020-10-21 ZenithPoint Canada Manufacturing Published
2020-10-15 North & Sunrise Net Latvia Transportation Published
2020-10-15 American Solutions Inc. Norway Technology Removed
2020-10-14 Magna & Zenith Studios India Financial Services Published
2020-10-10 CoastalDesign United States Energy Published
2020-10-10 Euro Trade Ltd United States Professional Services Published
2020-10-10 MidManufacturing India Manufacturing Published
2020-10-10 Imperial Hospitality Ltd United States Telecommunications Removed
2020-10-08 Euro Hospitality Inc. United States Professional Services Removed
2020-10-07 City & Nordic Consulting South Africa Insurance Negotiating
2020-10-07 Lone StarMedical United Kingdom Professional Services Removed
2020-10-04 Inter & West Bio United States Education Published
2020-10-03 North Digital Inc. United States Automotive Published
2020-10-03 Blue & Continental Path Japan Education Published
2020-10-01 Pine Ware Ltd United States Manufacturing Published
2020-09-28 Shield Land LLC Estonia Transportation Published
2020-09-26 City Supply GmbH Switzerland Technology Published
2020-09-24 American Net United States Manufacturing Published
2020-09-21 WillowAero Slovenia Construction Published
2020-09-18 Sapphire Power Ltd United States Telecommunications Published
2020-09-16 Lone Star Marine Israel Government Published
2020-09-16 Noble Print LLC Finland Real Estate Removed
2020-09-15 Apex Integrated Ecuador Pharmaceuticals Published
2020-09-08 Iron Networks United States Logistics Negotiating
2020-09-03 Cross Place GmbH Singapore Transportation Published
2020-09-02 Rapid & Vanguard Energy Ireland Technology Removed
2020-08-26 Genesis Works Inc. United Kingdom Construction Published
2020-08-25 Legacy Group Inc. Australia Technology Published
2020-08-24 Frontier & Vanguard Net Switzerland Government Published
2020-08-20 Red & Northwest Oil United States Professional Services Published
2020-08-18 Imperial Enterprises Inc. Slovenia Healthcare Published
2020-08-15 PacificDev Canada Insurance Published
2020-08-05 ZenithLabs France Manufacturing Published
2020-08-02 Lone Star & Crown Tools Romania Technology Removed

No TTPs data

DarkSide_Ransomware Community YARA Rules 
rule DarkSide_Ransomware {
    meta:
        description = "Detects DarkSide ransomware"
        author = "Security Research"
    strings:
        $s1 = "Welcome to DarkSide" ascii
        $s2 = "darkside" ascii nocase
        $s3 = "universal decryptor" ascii
    condition:
        uint16(0) == 0x5A4D and 2 of them
}
TypeValueDescriptionCopy
hash 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673 DarkSide ransomware
README.{VICTIM_ID}.TXT
----------- [ Welcome to DarkSide ] ------------->

What happened?
----------------------------------------------
Your computers and servers are encrypted, backups are deleted. We use strong
encryption algorithms, so you cannot decrypt your data.
But you can restore everything by purchasing a special program from us -
universal decryptor. This program will restore all your network.
Follow our instructions below and you will recover all your data.

What guarantees?
----------------------------------------------
We value our reputation. If we do not do our work and liabilities, nobody will pay
us. This is not in our interests. All our decryption software is perfectly tested
and will decrypt your data. We will also provide support in case of problems.

We guarantee to decrypt one file for free. Go to the site and contact us.

How to get access on website?
----------------------------------------------
Using a TOR browser:
1) Download and install TOR browser from this site: https://www.torproject.org/
2) Open our website: http://dark[REDACTED].onion/{VICTIM_ID}

When you open our website, put the following data in the input form:
Key: {KEY}

!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We will not be able to RESTORE them.
!!! DANGER !!!