The ransomware gang known as DarkSide has announced plans to offer a distributed storage platform for affiliates. The plan is to make it harder for authorities to take down sites operated by the gang and to make stolen files more accessible to eager buyers.
KELA, a security outlet focused on monitoring the dark web, says the model could cause significant damage to victims.
“Such servers in Iran and [other] countries will be harder to discover, block, and cease due to a lack of cooperation from local authorities,” says Victoria Kivilevich, a threat intelligence analyst with the Israeli company.
She tells DarkReading that storing stolen data on a distributed system will make it easier to access the data compared with downloading files through Tor. Cybercriminals will be eager to buy the data, she says.
“All in all, such a step shows that ransomware developers increase their efforts to scale their operations and form a complex ecosystem designed to cause significant damage to victims,” the analyst believes.
In its ad, DarkSide says the stolen data would be stored for a minimum of six months and promises affiliates that “blocking one server won’t delete data.”
The group’s move seems tied to recent efforts by security vendors and law enforcement to take down sites that ransomware gangs operate.
According to the DarkReading post, the group plans to set up servers in Iran and “unrecognized republics,” while an “automatic system” would direct criminals interested in purchasing stolen data to specific servers.
If the model proves successful, expect other ransomware operators to copy it, just as other gangs copied the steal-first-encrypt-later model pioneered by the Maze gang.