DarkSide Returns, Targeting Banks with Double‑Extortion Ransomware
After months of inactivity, the DarkSide ransomware gang announced its comeback, shifting focus to the financial sector. The group now employs a double‑extortion model: victims’ files are encrypted while a separate data‑exfiltration operation gathers sensitive information that the attackers threaten to publish unless a ransom is paid.
The impact on banks can be severe—operational downtime from encrypted systems, costly ransom payments, and potential regulatory penalties from data leaks. Defenders must prioritize detection of both encryption activity and outbound data exfiltration, harden backup and recovery processes, and monitor DarkSide’s known command‑and‑control infrastructure to stop the group before it can compromise critical financial assets.
Categories: Malware & Ransomware, Threat Intelligence