Threat intelligence experts are warning of a new version of the Darkside ransomware variant, which its creators claim will feature faster encryption speeds, VoIP calling and virtual machine targeting.
Israeli outfit Kela shared with Infosecurity information that the Russian-speaking group posted to the dark web forums XSS and Exploit.
They claim that the Windows version of Darkside 2.0 encrypts files faster than any other ransomware-as-a-service (RaaS) and is twice as speedy as the previous iteration. This will mean victims have even less time to pull the plug if they find their network has been infected.
Darkside 2.0 now also features multithreading in both Windows and Linux versions.
The Linux version of the ransomware is now able to target VMware ESXi vulnerabilities, meaning it can hijack virtual machines and encrypt their virtual hard drives.
It’s also been designed to target network-attached storage (NAS) devices, including Synology and OMV, for even more pervasive encryption of victim systems, said Kela.
Finally, Darkside 2.0 features a “call on us” function enabling affiliates to make VoIP calls for free to victims, partners and even journalists. The aim here is to exert extra pressure on victims to pay up.
Interestingly, the gang has apparently deposited over $1m in Bitcoin (23 BTC) on XSS, “intended for solving any financial issues.”
Darkside is somewhat unusual among RaaS operations in that its rules for affiliates specify no targeting of healthcare and vaccine distribution facilities, schools, public sector and non-profit organizations.
It also mandates no targeting of former Soviet states grouped under the Commonwealth of Independent States (CIS) coalition, including Georgia and Ukraine, hinting at the origins of the group.
In October last year, the Darkside group grabbed headlines after donating $10,000 stolen from corporate victims to charities, although some experts claimed it was merely trying out a new way to launder funds.