DarkSide Ransomware Returns with Data‑Stealing Upgrade, Targets Critical Infrastructure
The DarkSide ransomware gang, dormant for six months, has resurfaced with a revamped payload that exfiltrates victim data before encrypting files. The group now threatens to release stolen information publicly unless a ransom is paid, adding a double-extortion lever to its attack chain.
Its renewed focus on critical infrastructure operators raises the stakes for defenders. Organizations must assume that any DarkSide intrusion will include both encryption and data theft, requiring immediate containment, robust backup verification, network‑traffic monitoring for large data transfers, and updated detection signatures to spot the new loader and exfiltration behavior.
Categories: Malware & Ransomware, Threat Intelligence