When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
ShadowSpear® is an unparalleled resource that defends your organizations against advanced cyber threats and attacks 24/7/365.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
Threat actors target manufacturing facilities to disrupt product distribution.
Threat actors target legal companies and law firms, stealing their client's confidential information.
Threat actors target financial institutions to steal people's names, financial records, social security numbers, and bank accounts.
Threat actors target critical infrastructure, impacting businesses that provide services to consumers and other organizations.
DarkSide ransomware created a Linux version of the ransomware that targets ESXi servers hosting VMware virtual machines.
The Colonial Pipeline shut down 5,500 miles of the pipeline due to the DarkSide ransomware breach that affected the East Coast.
The Japanese tech giant, Toshiba, was breached by the DarkSide ransomware causing the company to disconnect network connections between Japan and Europe to prevent the malware from spreading.
Victim’s ID
Eight lowercase hexadecimal characters
DarkSide ransomware gain initial access using brute force attacks and exploiting known vulnerabilities in the remote desktop protocol (RDP). The ransomware performs a validation on the machine to infect after gaining initial access and then collects information about the computer name and system language during the initial code execution phase. DarkSide ransomware checks to see if user has administrator privileges, if not, the ransomware will use the UAC bypass technique by exploiting the CMSTPLUA COM interface to gain administrator privileges. The ransomware locates the data backup applications, exfiltrates the data, and then encrypts local files.
Using PowerShell scripts, the ransomware deletes the volume shadow copies preventing victims from recovering the files. DarkSide implements the Impair Defense method to disable security protection services avoiding possible detection of their tools and activities. The Impair Defenses technique can include killing security software or event logging processes, deleting Registry keys so the tool will not start at run time, or interfering with security tools that scan or report information. DarkSide then deletes the security protection services. A custom 8 characters file extension is generated based on machine GUID and using API RtlComputeCRC32 and will be added to each encrypted file name. Darkside uses encrypted APIs, strings, and ransom notes to avoid ransomware detection. The ransomware uses Salsa20, a key randomly generated using RtlRandomEx API, and an RSA-1024 public key to encrypt the files.
SpearTip’s ShadowSpear platform defends your environment with unparalleled resources preventing cybersecurity threats and attacks from affecting your business. ShadowSpear integrates with cloud, network and endpoint devices providing security. ShadowSpear prevents ransomware from exploiting memory, stopping the threat before the full attack cycle. The ShadowSpear Platform is backed by the engineers in our 24/7 Security Operations Centers, ready to assist partners with security issues immediately.
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.