New DARKVAULT Ransomware Gang Targets 9

By Miklos Zoltan . 13 April 2024

Founder - Privacy Affairs

Fact-checked by Alex Popa

DARKVAULT is a new ransomware actor with virtually no history or profile. The organization is still not official, but it’s already making waves.

  • The targets are all private institutions from a variety of industries like surveillance systems, fitness, fashion, and healthcare insurance
  • It’s not yet clear whether DARKVAULT is a rebranding of an old gang or an entirely new one
  • The organization uses the double extortion method, so they also employ system encryption following a successful breach
  • There is no clear data on how the group operates, how large it is, or how it conducts negotiations

DARKVAULT is presumably days old, which means it’s quite unusual for it to produce 9 victims in such a short time span. This suggests that the group was either active for longer, just under the radar, or relied on competent manpower to conduct its operations.

Many hackers migrate between gangs, depending on who pays more and whether their current group is under the scrutiny of various law enforcement agencies. This explains why some brand-new gangs appear to be so competent, aggressive, and successful.

X post showing the DARKVAULT attack on the 9 victims: https://twitter.com/FalconFeedsio/status/1778373798670311821

It’s still early to determine the gang’s profile, such as MOs, tactics, tools, and preferred victim profile. Based on this most recent attack, DARKVAULT doesn’t appear to have industry favorites. The 9 targets are spread across several industries and are located in several countries.

This suggests that the gang is only interested in money, and they don’t shy away from hitting multiple targets at once, some ranking as high-value. The 9 victims are also spread across 4 countries: the US, India, Sri Lanka, and the UK.

Some suggest that this is evidence of the gang’s impressive capabilities and advanced tools and MOs.

How to Deal with DARKVAULT?

While we know next to nothing regarding DARKVAULT, including its origins, structure, members, MOs, tools, and code, we know how to deal with it. That’s because no matter how advanced and innovative DARKVAULT may be, it’s ultimately still a ransomware gang.

And all ransomware gangs function fairly similarly, whether they use the double-extortion practice or the standard extortion method. So, once your cyber defenses have failed, your next best move is to ignore the hackers completely.

Cybersecurity analysts recommend a no-negotiation policy because negotiating with hackers can never be beneficial. What it does achieve is painting you as someone willing to pay the ransom.

Even if you don’t pay the ransom, the simple fact that you’re contacting the hackers for negotiations puts you in a vulnerable light, which signals to the hackers that you are likely to give in at some point.

This explains why so many ransomware victims get targeted multiple times following either failed or successful negotiations. And then there’s another problem. Paying the ransom doesn’t guarantee that the hackers will delete the stolen data.

In most cases, they will either keep it for later use or share or sell it to other cybercriminal actors, which creates a slippery slope that nobody wants to slide on.

The solution is simple. Work with tested cybersecurity experts to strengthen your cyber-defenses and don’t negotiate with hackers.
