Darkside Ransomware Operator Announces Decentralized Server In Iran

Ransomware attackers who steal the data of victims… Tor, by trading. DarkSide has announced that it is developing a distributed storage system in Iran.

Wednesday, November 18, 2020, 21:34 GMT

DarkSide, a ransomware service provider, has announced that a distributed infrastructure has been installed. For a time, the data stolen from victims was spread and processed across Iran, which may be daunting for victims of ransomware.


If the distributed storage paradigm fails, more ransomware operators would certainly attempt something similar. “If data is spread across the globe, the identification and capturing of ransomware operators would be very difficult,” said Victoria Kivilevich, chief threat analyst at technology company KELA. This is particularly true for countries that are not known for international cooperation, such as Iran.

In countries such as Iran, the drawback of decentralized data sharing is that it makes it easy for users (and other cyber criminals) to download stolen data. Currently, hackers share data over the sluggish and unpleasant Tor network. “It ultimately means that the practices of cyber criminals are rapidly evolving and are coordinating. The better you can configure and manage a more complicated infrastructure. Like this open structure of storage.”

KELA was the first security firm to find the DarkSide ads and publicize them. Recently, DarkSide uploaded two blog ads. The first post is a proposal to establish a distributed customer management system, and it also declares a strategy of storing stolen data for at least six months. For now it seems to be only a facility for their own clients, and it is not clear whether they will rent the pooled storage to other ransomware providers.

DarkSide is building such a framework because technology firms and law enforcement authorities attempt to identify and close the websites on which ransomware attackers reveal details. Closing the site set up for cases in which ransomware victims do not pay any money would lead to major disruptions in revenue. It appears that ransomware attackers are taking new measures.

DarkSide has announced the deployment of its distributed storage system in Iran. The group said it would be established in certain unnamed countries, but also gave assurances that in those countries it would not be easy to close it through international cooperation.

DarkSide's second post unexpectedly showed that the group seemed to lack certain information when carrying out its strategy to store data on several servers in Iran. Its enormous ambitions do not seem to be fulfilled yet. It also emerged that the stolen data had not yet been processed on the servers.

They also claimed, ‘I am not a national of such a country and I am not an Iranian resident.’ This is linked to the latest US Treasury declaration of sanctions for ransomware attackers. Oddly, ‘they are ransomware victims and not included in the US Treasury’s designated sanction.’ The declaration by the US Treasury means that you don’t have to bargain with ransomware attackers and you need not pay the ransom, whilst the DarkSide attackers insisted that the exchange was OK, since they are not subject to fines.

KELA says this is the first time ransomware attackers have revealed their next effort in public. Furthermore, the firm said that it did not even know of any case of saving compromised files on a distributed storage system. However, the degree to which they are going to develop the system is not yet clear. Not quite a bluff. This is not a bluff. But Kivilevich explains, “Building a large-scale system with the revenues it has gathered to date is enough if it’s Darkside.”

In recent years, there has been rapid growth in the number of ransomware operators on the dark web. Intel 471, a threat intelligence agency, reported recently in their blog: “There are over twenty-five organizations who began ransomware as a service we find this year.”

It also wrote that the number of offenders linked to ransomware cannot be reliably calculated, since in many cases ransomware is not run publicly as a service but is kept confidential.