{
	"id": "5b63e264-30c3-4e0f-97f9-3cbea4616c56",
	"created_at": "2026-04-06T00:19:52.016053Z",
	"updated_at": "2026-04-10T13:11:27.645148Z",
	"deleted_at": null,
	"sha1_hash": "be031adab37b5419e9f24caf034769c5f0f6ddbd",
	"title": "Darkside Ransomware Technical Analysis - Open Report - Brandefense",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38456,
	"plain_text": "Darkside Ransomware Technical Analysis - Open Report - Brandefense\r\nPublished: 2023-11-29 · Archived: 2026-04-05 14:40:13 UTC\r\n(…) DarkSide has been identified as a cybercrime gang, thought to be based in Russia, that primarily targets US and Eastern European corporations and uses ransomware in its campaigns. It has targeted the energy and financial sectors, among others, but its targets do not include hospitals, government institutions, schools, or non-profit organizations. DarkSide was first seen in August 2020. Its most high-profile operation is the attack on Colonial Pipeline in the US.\r\nThe DarkSide threat group also uses the double extortion attack model, which has become standard among ransomware gangs as a way to pressure organizations that have disaster recovery plans and refuse to pay the ransom. Even if the victim succeeds in recovering the encrypted data, they still have to pay to prevent that data from being shared publicly.\r\nDarkSide behaves aggressively to make its targets pay the ransom. It tends to send emails to employees if it thinks it is being ignored or if the victim has not responded within 2-3 days. If this method does not work, it does not hesitate to call high-level executives. In the same way, the threat actors will notify the victim's customers or the press about the ransomware attack.\r\nThe DarkSide ransomware gang sells its ransomware under a RaaS model on underground cybercrime forums. This enables campaigns to be conducted without technical requirements(…)\r\nSource: https://brandefense.io/darkside-ransomware-analysis-report/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://brandefense.io/darkside-ransomware-analysis-report/"
	],
	"report_names": [
		"darkside-ransomware-analysis-report"
	],
	"threat_actors": [],
	"ts_created_at": 1775434792,
	"ts_updated_at": 1775826687,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/be031adab37b5419e9f24caf034769c5f0f6ddbd.pdf",
		"text": "https://archive.orkl.eu/be031adab37b5419e9f24caf034769c5f0f6ddbd.txt",
		"img": "https://archive.orkl.eu/be031adab37b5419e9f24caf034769c5f0f6ddbd.jpg"
	}
}