Coveware, the ransomware negotiation firm, have recently placed DarkSide operation on an internal restricted list following the threat actor’s announcement to host infrastructure in Iran. DarkSide ransomware operation usually encrypts a network from which their affiliates will steal an unencrypted file from, which they will then threaten to release if their ransom is not paid. Therefore, their recent announcement for operations in Iran has caused concern among industry key figures.
