Operators of the Darkside ransomware claim to have updated their malware with several enhancements in an attempt to promote this ransomware-as-a-service. Darkside 2.0 features quite a few enhancements.

What was discovered?

A message posted by the Russian-speaking group on the dark web forum XSS and Exploit advertises a new version of the Darkside ransomware, which is said to have faster encryption speeds than any other ransomware-as-a-service available in the market.
  • This new Darkside 2.0 version features multithreading in both Windows and Linux versions.
  • It exploits VMware ESXi vulnerabilities and targets Synology and OMV NAS devices.
  • In addition, this new variant features a “call on us” function, which allows the affiliates to make free voice calls (VoIP) to the victims, partners, and journalists.

Recent activities

Several cybercriminals have been observed actively using Darkside ransomware for attacks in the past few months.
  • A few days ago, attackers had targeted CompuCom by installing Darkside ransomware using Cobalt Strike beacons, which caused severe service outages.
  • Last month, Canadian car rental company Discount Car and Truck Rentals was hit with Darkside, impacting around 120 GB of the company’s data.
  • In the same month, two Brazilian electric utility companies Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), were targeted by the ransomware.


With these new enhancements, the operators of Darkside seem to be making it a more efficient and hacker-friendly malware and thus, earning more out of it. With such continuous enhancements, the day is not too far when it turns into a dreadful threat for the entire security community.

Cyware Publisher