A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3)

Summary: Darkside ransomware is the malware family behind the Colonial Pipeline attack of May 7, 2021 (background: https://www.zdnet.com/article/darkside-the-ransomware-group-responsible-for-colonial-pipeline-cyberattack-explained/). The binary carries an encrypted configuration that is decrypted at runtime with a custom algorithm; the decrypted data includes a 22-byte buffer whose bytes select the actions the malware performs. These actions include: checking the system language […]
