DarkRace ransomware, a variant of Lockbit, utilizes leaked source code for its operations. It employs advanced techniques such as runtime decryption of XML data and encryption using the Salsa20 stream cipher to hinder access to files until a ransom is paid. Post-encryption measures include deleting shadow copies, terminating processes, and restarting systems to evade detection and complicate cybersecurity efforts.
The ransomware spreads through cracked software installations and phishing email attacks, leveraging obfuscator technology and social engineering to deceive users into activating exploit kits. DarkRace targets critical sectors like manufacturing, finance, transportation, science, and technology in Europe and the United States, posing a high level of threat and complexity for cybersecurity experts. Its adaptability and evasive tactics make it challenging to trace and develop effective countermeasures, intensifying the need for robust cybersecurity strategies and defenses.
