{
	"id": "25742da3-e4ba-4a27-b21a-b4a223824ef7",
	"created_at": "2026-04-06T00:15:11.795783Z",
	"updated_at": "2026-04-10T13:12:30.884121Z",
	"deleted_at": null,
	"sha1_hash": "61b9ee4d82225fa7ba0c428107d77bef93b83120",
	"title": "Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39202,
	"plain_text": "Darkside 2.0 Ransomware Promises Fastest Ever Encryption\r\nSpeeds\r\nBy Phil Muncaster\r\nPublished: 2021-03-12 · Archived: 2026-04-02 12:20:34 UTC\r\nThreat intelligence experts are warning of a new version of the Darkside ransomware variant which its creators\r\nclaim will feature faster encryption speeds, VoIP calling and virtual machine targeting.\r\nIsraeli outfit Kela shared with Infosecurity information posted by the Russian-speaking group to dark web forums\r\nXSS and Exploit.\r\nThey claim that the Windows version of Darkside 2.0 encrypts files faster than any other ransomware-as-a-service\r\n(RaaS) and is twice as speedy as the previous iteration. This will mean victims have even less time to pull the plug\r\nif they find their network has been infected.\r\nDarkside 2.0 now also features multithreading in both Windows and Linux versions.\r\nThe Linux version of the ransomware is now able to target VMware ESXi vulnerabilities, meaning it can hijack\r\nvirtual machines and encrypt their virtual hard drives.\r\nIt’s also been designed to target network-attached storages (NAS), including Synology and OMV, for even more\r\npervasive encryption of victim systems, said Kela.\r\nFinally, Darkside 2.0 features a “call on us” function enabling affiliates to make VoIP calls for free to victims,\r\npartners and even journalists. The aim here is to exert extra pressure on victims to pay up.\r\nInterestingly, the gang has apparently deposited over $1m in Bitcoin (23 BTC) on XSS, “intended for solving any\r\nfinancial issues.”\r\nDarkside is somewhat unusual in RaaS operations in that its rules to affiliates specify no targeting of healthcare\r\nand vaccine distribution facilities, schools, public sector and non-profit organizations.\r\nIt also mandates no targeting of former Soviet states grouped under the Commonwealth of Independent States\r\n(CIS) coalition, including Georgia and Ukraine, hinting at the origins of the group.\r\nIn October last year the Darkside group grabbed headlines after donating $10,000 stolen from corporate victims to\r\ncharities, although some experts claimed it was merely trying out a new way to launder funds.\r\nSource: https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/\r\nhttps://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/"
	],
	"report_names": [
		"darkside-20-ransomware-fastest"
	],
	"threat_actors": [],
	"ts_created_at": 1775434511,
	"ts_updated_at": 1775826750,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/61b9ee4d82225fa7ba0c428107d77bef93b83120.pdf",
		"text": "https://archive.orkl.eu/61b9ee4d82225fa7ba0c428107d77bef93b83120.txt",
		"img": "https://archive.orkl.eu/61b9ee4d82225fa7ba0c428107d77bef93b83120.jpg"
	}
}