Cybercriminal groups are scaling up their operations. According to BleepingComputer, the DarkSide ransomware operation has claimed it is creating a distributed storage system in Iran to store and leak data stolen from victims.
Since double-extortion ransomware became threat actors’ attack of choice, law enforcement and security firms have been actively searching the stolen data in order to disrupt extortion demands. “Ransomware gangs are increasingly copying the models used by legitimate businesses. From Ransomware and Phishing-as-a-Service, it is clear that cybercriminals dispose of substantial resources and expertise,” said Paul Norris, senior systems engineer at Tripwire. “DarkSide Ransomware’s move of creating a storage system is further confirmation of the scale of their operations. It also testifies to the lucrativeness of the double extortion model – where criminals steal their victims’ data before encrypting it and threaten to make them public to further incentivise the payment of the ransom.”
In fact, DarkSide’s move comes in response to these efforts: the group plans to put together a “sustainable storage system” in Iran in which to store victims’ data for six months. The storage system will also duplicate the data across several servers, so that discovering and blocking any one server is useless.
“The news also serves as a further incentive for security vendors and for organisations to invest in research and development and in attracting talented candidates to the industry. To every effort to protect critical systems corresponds an equal and opposite strive on the part of bad actors to find an entry point, and the security community should be ramping up their efforts to remain ahead of the curve,” advised Norris.