Dark Angels Team Ransomware


Introduction: Dark Angels Team, emerging in May 2022, practices double extortion, demanding payment for a decryptor and the non-release of stolen data. The Windows payloads are derived from leaked Babuk builders, closely resembling Babuk’s features. In late 2023, Linux/ESXi-focused payloads surfaced, showcasing a bespoke codebase similar to RagnarLocker.
Targets: Dark Angels Team targets the healthcare, government, finance, and education sectors. Notably, it attacked Johnson Controls in September 2023, locking VMware ESXi servers.
Operation:

  • Windows Payloads: Based on Babuk’s source code, these payloads inhibit system recovery and terminate interfering processes during encryption.
  • Linux/ESXi Payloads: Built on a different codebase for Intel-based Linux systems and use AES-256 encryption. The payload accepts optional command-line arguments controlling the number of encryption threads, verbose logging, and the log file name.

Detection Strategies: An EDR platform is effective in identifying and preventing Dark Angels Team ransomware. For organizations without such a platform, a multi-layered approach is advised:

  • Security Tools: Utilize anti-malware software or security tools capable of detecting and blocking known ransomware variants using signatures, heuristics, or machine learning algorithms.
  • Network Traffic Monitoring: Regularly monitor network traffic for indicators of compromise, such as unusual patterns or communication with known command-and-control servers.
  • Security Audits: Conduct periodic security audits to identify vulnerabilities in the network and system, ensuring all security controls are effective.
  • Education & Training: Educate employees on cybersecurity best practices, emphasizing the identification and reporting of suspicious emails and other threats.
  • Backup & Recovery Planning: Implement a robust backup and recovery plan to restore data in case of an attack.

Mitigation Measures: The following steps can help mitigate the risk of Dark Angels Team ransomware attacks:

  • Employee Education: Ensure employees are educated on ransomware risks, phishing email identification, and avoidance of malicious attachments.
  • Strong Passwords: Implement strong, unique passwords for user accounts, regularly updating and rotating them.
  • Multi-Factor Authentication (MFA): Enable MFA for user accounts to add an extra layer of security through mobile apps or physical tokens.
  • System Updates and Patching: Regularly update and patch systems to fix vulnerabilities and prevent exploitation.
  • Backup and Disaster Recovery (BDR): Establish regular BDR processes, testing backups stored offsite for quick recovery.

A comprehensive approach, including employee education, preventive measures, and recovery strategies, is crucial to effectively mitigate the risk of Dark Angels Team ransomware attacks.


Copyright © 2024 RASOC all rights reserved