Ransom:Win32/DarkSide.DA
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects and removes this threat.
This threat is a ransomware payload dropped by human-operated ransomware campaigns with a ransomware-as-a-service model.
For information about other human-operated ransomware campaigns, read these blog posts:
There is no one-size-fits-all response if you have been victimized by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files. See our ransomware page for help on what to do in response to a ransomware infection.
Guidance for enterprise administrators
Ransomware attacks enterprises more often than individuals. Take the following mitigation steps to help address this ransomware attack:
- Immediately isolate the affected device, and any additional device with DarkSide ransomware-related alerts. If DarkSide ransomware has been launched, it is likely that the device is under complete attacker control.
- Identify the accounts that have been used on the affected device and consider these accounts compromised. Reset passwords or decommission the accounts.
- Investigate how the affected endpoint might have been compromised. Check for the presence of other malware.
- Investigate the device timeline for indications of lateral movement activities using one of the compromised accounts.
- Initiate an incident response process, focusing on responding to possible data exfiltration and ransomware deployment, both of which attackers might have already performed. Contact your incident response team. If you don't have one, contact Microsoft support for investigation and remediation services.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page for more help, and search the Microsoft virus and malware community for relevant information.