DARKVAULT Ransomware Gang Attacks Belarusian Atriline

By Miklos Zoltan . 26 April 2024

Founder - Privacy Affairs

Fact-checked by Alex Popa

DARKVAULT hackers have announced another victim, the Belarusian Atriline. The hackers’ original post provides a short summary of the organization along with the deadline of May 2. That’s the date by which the victim is supposed to contact the hackers.

  • DARKVAULT is a controversial ransomware gang, with some experts doubting its legitimacy
  • The current theory is that DARKVAULT is simply another iteration of LockBit, but this hasn’t been confirmed yet
  • Ransomware attacks rose throughout 2023 compared to 2022, when they had dropped drastically from the previous year
  • According to the latest data, at least 75% of medium and high-value targets have been hit at least once during 2023, 50% of them being hit more than once

If you haven’t heard of DARKVAULT before, it’s understandable. The gang isn’t as active as other ransomware gangs, but they do appear to be quite competent. Then there’s the controversy.

According to some experts and forum users, DARKVAULT displays a lot of similarities to LockBit. The latter is the most (in)famous ransomware organization in the world, with over 2,000 high-profile victims and over $121 million in ransom gains.

But is this true?

X post showing the DARKVAULT attack on Atriline: https://twitter.com/FalconFeedsio/status/1783750549864845593

The answer is that nobody knows for sure. The similarities that people have hinted at refer primarily to the gang’s leak website, which appeared almost identical to that of LockBit. Furthermore, many have found similarities between DARKVAULT’s and LockBit’s MOs.

That being said, these similarities disappeared soon enough, after the hackers decided to review them. That is quite telling, given that LockBit operators are known to be active on X (formerly Twitter) and other social platforms.

So, it’s not mind-blowing to suggest that they caught wind of the rumors and rushed to cover their tracks. Or so the theory goes. While nothing has been confirmed, the fact that these similarities disappeared once people pointed them out is suspicious enough.

Who is DARKVAULT Really?

Setting the LockBit theory aside, the remaining explanation is that DARKVAULT is a LockBit wannabe. LockBit currently ranks as the most influential, successful, and dangerous ransomware gang. Many other cybercriminal actors have attempted to replicate the gang’s success.

This includes the website layout, the tactics, some of the code, the way of addressing the hits, and the negotiation strategies. Some have had more success than others and DARKVAULT appears to fall in the same category.

Unlike LockBit, though, DARKVAULT is involved in a lot more activities. These include scams, malware creation, various fraudulent activities, doxing, and even swatting and bomb threats. This has caused some to consider DARKVAULT as simply a failed experiment.

As some suggest, DARKVAULT doesn’t have the profile of a mature and well-established ransomware actor. Rather, it gives the vibes of a group of inexperienced cybercriminals testing the waters and trying to find their identity.

This means that DARKVAULT may be a legitimate ransomware actor, just not in full power yet. That being said, the hackers do appear to possess some knowledge and expertise, given their recent successful breaches.
