darkbit01

DarkBit is a politically motivated ransomware operation active since February 2023, targeting academic and public sector entities—most notably including attacks against Israeli institutions like the Technion. Written in Go (Golang) and leveraging powerful encryption routines, it employed AES-256 and supported command-line options for customizable deployments. Its behavior includes deleting volume shadow copies and encrypting files with a randomized prefix and .Darkbit extension. The group deployed their own Tor-based negotiation portal and utilized Tox messaging for communication. Their messaging contained anti-government rhetoric, suggesting ideological motivations in addition to cyber-extortion objectives.