For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business.
Late on Thursday night came a post to the “Exploit” underground forum that looked, at least, to be from DarkSide. It described how the gang’s blog, payment processing and denial-of-service (DoS) servers had been seized.
Fast-forward three days, and it sure doesn’t look like DarkSide is dead in the water. Friday’s statement has reportedly been deleted. According to the security intelligence firm Flashpoint, some members of the underground forum questioned whether the post might have been a fake.