Dark Power

Description

Dark Power is a ransomware group first observed in January 2023, known for targeting small to mid-sized organizations across education, healthcare, manufacturing, and information technology sectors. The group uses a double-extortion model, encrypting files and threatening to leak exfiltrated data via a Tor-based site if ransom demands are not met. Written in the Nim programming language, Dark Power ransomware appends the .dark_power extension to encrypted files and drops a ransom note named README.txt, giving victims 72 hours to contact them. The note typically demands payment in cryptocurrency and offers to negotiate. Victims have been observed in North America, Asia, and Europe, with attacks often involving exploitation of vulnerable public-facing systems or stolen credentials.

External Analysis
https://www.trellix.com/en-us/about/newsroom/stories/research/dark-power-ransomware.html
https://www.bleepingcomputer.com/news/security/dark-power-nim-based-ransomware-demands-10k-from-victims/
Urls
Url: http://powerj7kmpzkdhjg4szvcxxgktgk36ezpjxvtosylrpey7svpmrjyuyd.onion/
Status: Down
Posts (10)
onyx-pharma.dz
imtenan.com
agados.cz
evant.com.tr
arineta.com
rcc.gob.pe
goliplik.com.tr
mdclone.com
betastree.fr
northgatesd.net