Security researchers at FortiGuard Labs have uncovered another DarkSide ransomware variant with destructive capabilities that enabled attackers to seek disk partition information and encrypt the files in multiple disks. But the researchers say the variant is “unrelated to the Colonial Pipeline campaign” and no longer active.
The DarkSide gang announced on May 13 that it was shutting down its ransomware-as-a-service operation. Another DarkSide malware variant was used against Colonial Pipeline Co., which led to the temporary shutdown of the company’s pipeline serving much of the East Coast (see: DarkSide Ransomware Gang Says It Has Shut Down).
FortiGuard Labs says the recently identified DarkSide malware variant was found in a sample provided by “trusted partners.” It had been used in an attack campaign designed to enable attackers to cause wider disruption.