- Avoid clicking links and opening attachments in unsolicited emails.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Type official website URLs into browsers manually.
- Facilitate user awareness training to include these types of phishing-based techniques.
- Consider blocking port 445/SMB at the external firewall. In theory, blocking this connection halts the execution of DarkGate, since it cannot download its own install scripts.
- If your organization does not use AutoHotkey, do not allow its executable to run in the environment.
- Maintain robust and up-to-date endpoint detection tools on every endpoint.
- Consider leveraging behavior-based detection tools rather than signature-based tools.
- This activity can be reported to the FBI's IC3 and the NJCCIC.
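As an added example that is not part of the original advisory, the following Python detector applies the two technical controls above (AutoHotkey execution and outbound SMB on port 445) to sample endpoint telemetry. The key=value log format, host names, executable paths and the internal address ranges are constructed assumptions, not values from the advisory.

```python
import ipaddress
import re

# Constructed sample telemetry (process-creation and network-connection events).
SAMPLE_LOGS = [
    'type=process host=ws01 image=C:\\Users\\bob\\AppData\\Local\\Temp\\AutoHotkey.exe parent=C:\\Windows\\explorer.exe',
    'type=process host=ws01 image=C:\\Windows\\System32\\notepad.exe parent=C:\\Windows\\explorer.exe',
    'type=network host=ws01 image=C:\\Windows\\System32\\svchost.exe dst=10.0.0.5 dport=445',
    'type=network host=ws01 image=C:\\Windows\\System32\\cmd.exe dst=203.0.113.7 dport=445',
    'type=process host=ws02 image=C:\\Program Files\\AutoHotkey\\AutoHotkeyU64.exe parent=C:\\Windows\\explorer.exe',
]

# Assumed AutoHotkey binary names to watch for (match on basename, case-insensitive).
AHK_NAMES = {"autohotkey.exe", "autohotkeyu32.exe", "autohotkeyu64.exe",
             "autohotkey32.exe", "autohotkey64.exe"}

# Assumed internal address space; anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Lazy value match that stops before the next " key=" token, so paths with spaces survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(FIELD_RE.findall(line))


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_external(ip):
    """True if the address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect(lines):
    """Return (rule, host, detail) tuples for events matching either control."""
    findings = []
    for line in lines:
        ev = parse(line)
        if ev.get("type") == "process" and basename(ev.get("image", "")) in AHK_NAMES:
            findings.append(("autohotkey_execution", ev["host"], ev["image"]))
        elif (ev.get("type") == "network" and ev.get("dport") == "445"
              and "dst" in ev and is_external(ev["dst"])):
            findings.append(("external_smb", ev["host"], f'{ev["image"]} -> {ev["dst"]}:445'))
    return findings


if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_LOGS):
        print(f"[{rule}] {host}: {detail}")
```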
