The new version of Darkside ransomware includes faster encryption speed, VoIP calling and virtual machine targeting, according to Israeli cyber intelligence company Kela that found the information published by the Russian-speaking group on the XSS and Exploit forums on the dark web.
They claim that the Windows version of Darkside 2.0 encrypts files faster than any other ransomware-as-a-service (RaaS), and is twice as fast as the previous version. It means that victims have even less time "to pull the plug" if they discover that their network is infected. Darkside 2.0 also includes multithreading in Windows and Linux versions.
The Linux version of the ransomware can exploit VMware ESXi vulnerabilities. In other words, it can hijack virtual machines and encrypt their virtual hard drives. It was also designed to focus on network attached storages (NAS) including Synology and OMV, for even more extensive encryption of the victims' systems.
Finally, Darkside 2.0 includes a "call on us" function enabling partners to make VoIP calls for free to victims, partners and even journalists. The objective is to put additional pressure on victims to pay. Interestingly, the group apparently deposited more than $1 million worth of Bitcoin in XSS that is "intended for solving any financial issues".
Darkside is unusual in terms of its RaaS operations as it does not focus on vaccine distribution facilities, schools, the public sector and nonprofit organizations. Also, it does not specify any targeting of the countries of the former Soviet Union that are part of the Commonwealth of Independent States, including Georgia and Ukraine, hinting at the group's origins.
In October last year, the Darkside group grabbed headlines when it donated to charities $10,000 stolen from corporations, although some experts claimed that the group was simply trying a new method of money laundering.