Victims of DarkSide ransomware can now recover their files for free.

Bitdefender, a cybersecurity firm in Romania, put out a free tool for DarkSide victims to get their files back without paying the ransom. The Bitdefender site hosts the free download and instructions.

DarkSide has been around since August 10, 2020. We briefed you on it here in August.

DarkSide ransomware group specifically targets what is considered in cybersecurity as “low hanging fruit” through unsecured environments. Environments with open RDP (Remote Desktop Protocol), online backups and those vulnerable to phishing techniques are at risk. DarkSide, based on previous attack analysis, even reviews financial documents to understand the victim’s income and determine if they are capable to pay the ransom.

The DarkSide threat group has yet to publish the names and data of new victims since before winter 2020. Deemed as still active, the ransomware operators included a new section to their leak site specifically for journalists. It asks reporters, “You a press or recovery company? Learn more”.

Although, some victims have already paid the ransom or used their backups, this particular decryptor has a purpose. It can help an organization obtain crucial files that had been encrypted months ago, which weren’t able to be restored, but saved somewhere on a backup. This news ruins their reputation as threat actors looking to use a RaaS will likely move to another service without a publicly available, free decryptor. Lastly, Bitdefender’s free tool incurs operational costs to the threat group.

In all, the decryptor should work for all versions, despite the customized file extension given to each victim.

When organizations partner with a cybersecurity company like SpearTip, logs are monitored 24/7/365. SpearTip’s ShadowSpear® Platform has been proven to prevent the advanced malware, too. Not only does ShadowSpear® prevent malicious encryption, but also would have detected and prevented the activity that allowed DarkSide full access to the environment. Our professional, certified cybersecurity engineers protect environments and deploy our proprietary tool, ShadowSpear® when an environment is under attack.