DarkSide Ransomware
What is DarkSide Ransomware?
DarkSide Ransomware: A Russian-speaking ransomware-as-a-service operation, active 2020-2021, best known for the May 2021 Colonial Pipeline attack that disrupted US fuel supply.
DarkSide emerged in August 2020 as a ransomware-as-a-service (RaaS) operation run by a Russian-speaking group sometimes tracked as Carbon Spider or UNC2628. Affiliates deployed the ransomware against enterprise targets, exfiltrating data before encryption to enable double extortion via a dedicated leak site. On 7 May 2021 a DarkSide affiliate breached Colonial Pipeline, forcing the operator to shut down a 5,500-mile fuel pipeline and triggering fuel shortages across the US East Coast; Colonial paid 75 BTC (approximately USD 4.4 million), most of which the FBI later recovered. DarkSide announced its shutdown on 13 May 2021, but its codebase and operators are widely believed to have rebranded as BlackMatter.
● Examples
- 01 The 7 May 2021 Colonial Pipeline attack causing fuel shortages on the US East Coast.
- 02 Double-extortion leaks of corporate data on the DarkSide Tor site in 2020-2021.
● Frequently asked questions
What is DarkSide Ransomware?
A Russian-speaking ransomware-as-a-service operation, active 2020-2021, best known for the May 2021 Colonial Pipeline attack that disrupted US fuel supply. It belongs to the Malware category of cybersecurity.
What does DarkSide Ransomware mean?
A Russian-speaking ransomware-as-a-service operation, active 2020-2021, best known for the May 2021 Colonial Pipeline attack that disrupted US fuel supply.
How does DarkSide Ransomware work?
DarkSide emerged in August 2020 as a ransomware-as-a-service (RaaS) operation run by a Russian-speaking group sometimes tracked as Carbon Spider or UNC2628. Affiliates deployed the ransomware against enterprise targets, exfiltrating data before encryption to enable double extortion via a dedicated leak site. On 7 May 2021 a DarkSide affiliate breached Colonial Pipeline, forcing the operator to shut down a 5,500-mile fuel pipeline and triggering fuel shortages across the US East Coast; Colonial paid 75 BTC (approximately USD 4.4 million), most of which the FBI later recovered. DarkSide announced its shutdown on 13 May 2021, but its codebase and operators are widely believed to have rebranded as BlackMatter.
How do you defend against DarkSide Ransomware?
Defences for DarkSide Ransomware typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for DarkSide Ransomware?
Common alternative names include: Carbon Spider DarkSide, UNC2628.
● Related terms
- malware № 902
Ransomware-as-a-Service (RaaS)
A criminal business model in which ransomware operators rent their malware and infrastructure to affiliates who carry out attacks and share the proceeds.
- malware № 900
Ransomware
Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.