DARKRACE: ANALYSIS OF THE LATEST RANSOMWARE GROUP TO APPEAR
Here’s what we’ve discovered so far.
The ransomware is easily recognizable
DarkRace malware encrypts the infected files and appends its extension “.1352FF327” to filenames.
The ransom note, a text file named “Readme.1352FF327.txt”, informs victims that their data has been stolen and encrypted, and threatens to publish it if the ransom is not paid.
The note also provides a link to access the Tor site and ways to contact the criminal group via qTox chat or email.
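The two file-system indicators described above (the appended extension and the ransom note filename) can be checked with a small triage script. This is an added example, not code from the original article; the function names `scan`, `summarize` and `build_sample` and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".1352FF327"             # extension appended to encrypted files (from the article)
NOTE = "Readme.1352FF327.txt"  # ransom note filename (from the article)

def scan(root):
    """Walk `root` and collect DarkRace file-system indicators per directory."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            low = name.lower()  # case-insensitive match (a defensive choice of this example)
            if low == NOTE.lower():
                hits[dirpath]["note"] = True
            elif low.endswith(EXT.lower()) and len(name) > len(EXT):
                # The extension is appended, so stripping it yields the original name.
                hits[dirpath]["encrypted"].append(name[:-len(EXT)])
    return dict(hits)

def summarize(hits):
    """Totals, plus directories where a note sits beside encrypted files."""
    confirmed = sorted(d for d, h in hits.items() if h["note"] and h["encrypted"])
    return {
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "ransom_notes": sum(1 for h in hits.values() if h["note"]),
        "confirmed_dirs": confirmed,
    }

def build_sample(root):
    """Constructed sample tree: one affected, one clean, one partial directory."""
    layout = {
        "finance": ["q2.xlsx" + EXT, "invoice.pdf" + EXT, NOTE],
        "public": ["logo.png", "notes.txt"],
        "archive": ["old.zip" + EXT],  # renamed file without a note
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan(tmp)))
```

Point `scan` at a mounted share or a forensic image's mount point; directories listed under `confirmed_dirs` carry both indicators and are the first candidates for isolation and restore.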
The victims belong to different categories
So far we have discovered 9 DarkRace victims: one in May 2023 and (at the moment) 8 in June.
Analysing the victims' categories, we found that there are 7:
- Professional / Scientific / Technical
- Transportation / Storage
- Wholesale / Retail
- Financial / Insurance
ICT and Professional / Scientific / Technical (both 22% of total attacks) are the most targeted categories.
Most of the victims are in Europe
78% of DarkRace victims are in Europe, while 22% are in America.
Italy is the country most targeted by the group (37% of cyber attacks), followed by the US (25%).
CO.NA.TE.CO. (Consorzio Napoletano Terminal Containers), Pessi and Pluriservice are the latest Italian victims of DarkRace.
Other targeted countries are Switzerland, Poland, Germany and the Czech Republic.
Ultimately, DarkRace is a recently emerged group that seems to be accelerating its operations.
Although the cybercriminal group assures victims that they will recover their data upon payment of the ransom, it is good to remember that there are no guarantees and that paying the criminals is never recommended.
On the contrary, we suggest keeping computer systems safe by implementing all possible defensive strategies.
Stay Cyber Safe!