| https://blog.qualys.com/vulnerabilities-threat-research/2021/06/09/darkside-ransomware |
| https://www.varonis.com/blog/darkside-ransomware |
| https://abcnews.go.com/Politics/biden-speak-colonial-pipeline-attack-americans-face-gasoline/story?id=77666212 |
| https://blog.gigamon.com/2021/05/17/tracking-darkside-and-ransomware-the-network-view/ |
| https://blog.group-ib.com/blackmatter# |
| https://blog.group-ib.com/blackmatter2 |
| https://blogs.blackberry.com/en/2021/09/threat-thursday-blackmatter-ransomware-as-a-service |
| https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html |
| https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version |
| https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/ |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://medium.com/s2wlab/w1-jun-en-story-of-the-week-ransomware-on-the-darkweb-af491d33868b |
| https://otx.alienvault.com/pulse/60d0afbc395c24edefb33bb9 |
| https://pylos.co/2021/05/13/mind-the-air-gap/ |
| https://securityscorecard.com/blog/new-evidence-supports-assessment-that-darkside-likely-responsible-for-colonial-pipeline-ransomware-attack-others-targeted |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/ |
| https://therecord.media/darkside-ransomware-gang-moves-some-of-its-bitcoin-after-revil-got-hit-by-law-enforcement/ |
| https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/ |
| https://therecord.media/popular-hacking-forum-bans-ransomware-ads/ |
| https://twitter.com/GelosSnake/status/1451465959894667275 |
| https://twitter.com/JAMESWT_MHT/status/1388301138437578757 |
| https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-servers-reportedly-seized-revil-restricts-targets/ |
| https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/ |
| https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/ |
| https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/ |
| https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout |
| https://www.crowdstrike.com/blog/falcon-protects-from-darkside-ransomware/ |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-ransomware-adversaries-reacted-to-the-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/ |
| https://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/ |
| https://www.digitalshadows.com/blog-and-research/ransomware-as-a-service-rogue-affiliates-and-whats-next/ |
| https://www.elliptic.co/blog/darkside-bitcoins-on-the-move-following-government-cyberattack-against-revil-ransomware-group |
| https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin |
| https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims |
| https://www.guidepointsecurity.com/from-zloader-to-darkside-a-ransomware-story/ |
| https://www.ic3.gov/Media/News/2021/211101.pdf |
| https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime |
| https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside |
| https://www.maltego.com/blog/chasing-darkside-affiliates-identifying-threat-actors-connected-to-darkside-ransomware-using-maltego-intel-471-1/ |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/darkside-ransomware-victims-sold-short/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.nytimes.com/2021/05/29/world/europe/ransomware-russia-darkside.html |
| https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html |
| https://www.secureworks.com/blog/ransomware-groups-use-tor-based-backdoor-for-persistent-access |
| https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/ |
| https://www.trendmicro.com/en_us/research/21/e/darkside-linux-vms-targeted.html |
| https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf |
| https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636 |
| https://www.youtube.com/watch?v=NIiEcOryLpI |
| https://www.youtube.com/watch?v=qxPXxWMI2i4 |
| http://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware/ |
| http://ti.dbappsecurity.com.cn/blog/index.php/2021/05/10/darkside/ |
| https://asec.ahnlab.com/en/34549/ |
| https://blog.360totalsecurity.com/en/darksides-targeted-ransomware-analysis-report-for-critical-u-s-infrastructure-2/ |
| https://blog.cyble.com/2021/08/05/blackmatter-under-the-lens-an-emerging-ransomware-group-looking-for-affiliates/ |
| https://blog.gigamon.com/2021/05/17/tracking-darkside-and-ransomware-the-network-view/ |
| https://blog.group-ib.com/blackmatter# |
| https://blog.group-ib.com/blackmatter2 |
| https://blogs.blackberry.com/en/2021/09/threat-thursday-blackmatter-ransomware-as-a-service |
| https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2021/05/18/darkside_ransomware-QfsV.html |
| https://blueteamblog.com/darkside-ransomware-operations-preventions-and-detections |
| https://brandefense.io/darkside-ransomware-analysis-report/ |
| https://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware/ |
| https://community.riskiq.com/article/fdf74f23 |
| https://cybergeeks.tech/a-step-by-step-analysis-of-a-new-version-of-darkside-ransomware/ |
| https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3 |
| https://ghoulsec.medium.com/mal-series-13-darkside-ransomware-c13d893c36a6 |
| https://github.com/Haxrein/Malware-Analysis-Reports/blob/main/darkside_ransomware_technical_analysis_report.pdf |
| https://github.com/sisoma2/malware_analysis/tree/master/blackmatter |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf |
| https://go.recordedfuture.com/hubfs/reports/MTP-2021-0804.pdf |
| https://id-ransomware.blogspot.com/2020/08/darkside-ransomware.html |
| https://id-ransomware.blogspot.com/2021/07/blackmatter-ransomware.html |
| https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/ |
| https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/ |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://labs.bitdefender.com/2021/01/darkside-ransomware-decryption-tool/ |
| https://medium.com/s2wlab/w1-jun-en-story-of-the-week-ransomware-on-the-darkweb-af491d33868b |
| https://news.sophos.com/en-us/2021/05/11/a-defenders-view-inside-a-darkside-ransomware-attack/ |
| https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/ |
| https://securityintelligence.com/posts/darkside-oil-pipeline-ransomware-attack/ |
| https://securityscorecard.com/blog/new-evidence-supports-assessment-that-darkside-likely-responsible-for-colonial-pipeline-ransomware-attack-others-targeted |
| https://socprime.com/blog/affiliates-vs-hunters-fighting-the-darkside/ |
| https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps |
| https://symantec.broadcom.com/hubfs/Attacks-Against-Critical_Infrastructrure.pdf |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/ |
| https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/ |
| https://therecord.media/darkside-ransomware-gang-moves-some-of-its-bitcoin-after-revil-got-hit-by-law-enforcement/ |
| https://therecord.media/popular-hacking-forum-bans-ransomware-ads/ |
| https://therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/ |
| https://threatpost.com/guess-fashion-data-loss-ransomware/167754/ |
| https://twitter.com/GelosSnake/status/1451465959894667275 |
| https://twitter.com/JAMESWT_MHT/status/1388301138437578757 |
| https://twitter.com/ValthekOn/status/1422385890467491841?s=20 |
| https://twitter.com/sysopfb/status/1422280887274639375 |
| https://unit42.paloaltonetworks.com/darkside-ransomware/ |
| https://us-cert.cisa.gov/ncas/alerts/aa21-131a |
| https://us-cert.cisa.gov/ncas/analysis-reports/ar21-189a |
| https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/ |
| https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion |
| https://www.acronis.com/en-us/articles/darkside-ransomware/ |
| https://www.advanced-intel.com/post/from-dawn-to-silent-night-darkside-ransomware-initial-attack-vector-evolution |
| https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-gang-rises-from-the-ashes-of-darkside-revil/ |
| https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/ |
| https://www.bleepingcomputer.com/news/security/darkside-affiliates-claim-gangs-bitcoins-in-deposit-on-hacker-forum/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-servers-reportedly-seized-revil-restricts-targets/ |
| https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/ |
| https://www.bleepingcomputer.com/news/security/us-chemical-distributor-shares-info-on-darkside-ransomware-data-theft/ |
| https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom |
| https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound |
| https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/ |
| https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/ |
| https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-2/ |
| https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/ |
| https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout |
| https://www.crowdstrike.com/blog/falcon-protects-from-darkside-ransomware/ |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-ransomware-adversaries-reacted-to-the-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/ |
| https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware |
| https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/ |
| https://www.databreaches.net/a-chat-with-darkside/ |
| https://www.databreachtoday.com/blogs/darkside-ransomware-gang-launches-affiliate-program-p-2968 |
| https://www.deepinstinct.com/2021/06/04/the-ransomware-conundrum-a-look-into-darkside/ |
| https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/ |
| https://www.digitalshadows.com/blog-and-research/ransomware-as-a-service-rogue-affiliates-and-whats-next/ |
| https://www.dragos.com/blog/industry-news/recommendations-following-the-colonial-pipeline-cyber-attack/ |
| https://www.elliptic.co/blog/darkside-bitcoins-on-the-move-following-government-cyberattack-against-revil-ransomware-group |
| https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin |
| https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims |
| https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html |
| https://www.flashpoint-intel.com/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ |
| https://www.fortinet.com/blog/threat-research/newly-discovered-function-in-darkside-ransomware-variant-targets-disk-partitions |
| https://www.glimps.fr/lockbit3-0/ |
| https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf |
| https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/ |
| https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox |
| https://www.ic3.gov/Media/News/2021/211101.pdf |
| https://www.intel471.com/blog/darkside-ransomware-colonial-pipeline-attack |
| https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime |
| https://www.maltego.com/blog/chasing-darkside-affiliates-identifying-threat-actors-connected-to-darkside-ransomware-using-maltego-intel-471-1/ |
| https://www.mandiant.com/resources/burrowing-your-way-into-vpns |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/are-virtual-machines-the-new-gold-for-cyber-criminals/ |
| https://www.metabaseq.com/recursos/inside-darkside-the-ransomware-that-attacked-colonial-pipeline# |
| https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.nozominetworks.com/blog/colonial-pipeline-ransomware-attack-revealing-how-darkside-works/ |
| https://www.nozominetworks.com/blog/how-to-analyze-malware-for-technical-writing/ |
| https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/ |
| https://www.repubblica.it/economia/finanza/2021/04/28/news/un_sospetto_attacco_telematico_blocca_le_filiali_della_bcc_di_roma-298485827/ |
| https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/ |
| https://www.secjuice.com/blue-team-detection-darkside-ransomware/ |
| https://www.secureworks.com/research/threat-profiles/gold-waterfall |
| https://www.sentinelone.com/blog/meet-darkside-and-their-ransomware-sentinelone-customers-protected/ |
| https://www.splunk.com/en_us/blog/security/darkside-ransomware-splunk-threat-update-and-detections.html |
| https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html |
| https://www.splunk.com/en_us/blog/security/the-darkside-of-the-ransomware-pipeline.html |
| https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf |
| https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf |
| https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/ |
| https://www.trendmicro.com/en_us/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html |
| https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-as-a-service-enabler-of-widespread-attacks |
| https://www.varonis.com/blog/darkside-ransomware/ |
| https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636 |
| https://www.youtube.com/watch?v=NIiEcOryLpI |
| https://www.youtube.com/watch?v=qxPXxWMI2i4 |
| https://zawadidone.nl/2020/10/05/darkside-ransomware-analysis.html |
| https://zawadidone.nl/darkside-ransomware-analysis/ |
| https://zetter.substack.com/p/anatomy-of-one-of-the-first-darkside |