Cyber Threat Weather - May 2021
Rather cloudy on the ransomware / doxware scene this month, focus on the evolution and activities of Carbon Spider (Darkside).
Weak signals for Strategic CTI
- A unique capability of Darkside is to mount additional partitions to further encrypt them
- Another peculiar function is to enumerate and attempt encrypting network shares with low permission levels
Anticipation : Such worming/reconnaissance and additional partition encryption capabilities could encounter a great success by the top-tier doxware/ransomware operators in a near future.
Ransomware-as-a-service landscape evolution, along with a more in depth Darkside's history.