The CISA has published a new Malware Analysis Report (MAR) on DarkSide Ransomware and updated Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, originally released May 11, 2021. This update adds indicators of compromise associated with a DarkSide ransomware variant that executes a dynamic-link library used to delete Volume Shadow copies available on the system.
This Malware Analysis Report (MAR) is the result of analytic efforts by the Cybersecurity and Infrastructure Security Agency (CISA). CISA processed three (3) files associated with a variant of DarkSide ransomware.
NOTE: CISA has no evidence that this variant is related to the pipeline incident, referred to in Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks.
Read the full report – https://us-cert.cisa.gov/ncas/analysis-reports/ar21-189a