Darkrace

Malware updated 2 months ago (2024-08-14T09:56:59.245Z)
DarkRace is ransomware that first appeared in mid-2023 and was identified as a significant threat by cybersecurity firm Cyble. The malware uses double extortion: it encrypts the victim's files and demands a ransom for their decryption, and also threatens to leak stolen files if the ransom is not paid. DarkRace reportedly used source code from LockBit, another ransomware group, that was leaked in September 2022. Despite its initial activity, DarkRace's data leak site had gone dark by mid-2023 after listing only two victims. In May 2023, the malware underwent a rebranding, continuing its operations under the name DarkRace.

Notably, it shares a similar configuration file and ransom note with another ransomware called DoNex, which emerged in March 2024. This similarity suggests that DoNex may be based on DarkRace and that the same threat actor could be behind both. However, the exact relationship between the developers or operators of Muse, DarkRace, and DoNex remains unclear. DoNex is recognized as a rebrand of both Muse and DarkRace ransomware, with its first appearance in the threat landscape dating back to April 2022. An intern at SANS Institute, John Moutos, noted in an April blog post that a group called DoNex had entered the fray using samples that closely resembled those previously used by the DarkRace group and, by extension, LockBit.

Given these developments, it's crucial for organizations to remain vigilant against these evolving cyber threats.
Description last updated: 2024-08-14T09:04:37.964Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Donex is a possible alias for Darkrace. DoNex is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often without the user's knowledge. It operates by encrypting user data and then demanding a ransom for its decryption. In addition to this, DoNex was found to operate a data leak site on TOR, l | 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Associated Malware
Alias Description | Association Type | Votes
The Lockbit Malware is associated with Darkrace. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 2
Source Document References
Information about the Darkrace Malware was read from the documents corpus below.