

    Karlston

    Fake DarkSide gang targets energy, food industry in extortion emails

     

    Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors.

     

    The DarkSide ransomware operation launched in August 2020, targeting corporate networks and demanding millions of dollars for a decryptor and a promise not to release stolen data.

     

    After hitting Colonial Pipeline, the largest fuel pipeline in the US, the ransomware gang was thrust into the spotlight, with the US government and law enforcement shifting their focus to the group.

     

    This increased scrutiny by law enforcement led to DarkSide suddenly shutting down its operation in May out of fear of being arrested.

     

    Since then, there has been no additional activity from the group or its known aliases.

    Extortionists impersonate DarkSide gang

    In a new report, Trend Micro researchers reveal that a new extortion campaign started in June where threat actors are impersonating the DarkSide ransomware gang.

     

    "Several companies in the energy and food industry have recently received threatening emails supposedly from DarkSide," explains Trend Micro researcher Cedric Pernet.

     

    "In this email, the threat actor claims that they have successfully hacked the target's network and gained access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid."

     

    This new extortion campaign consists of messages, sent to companies by email or through their website contact forms, stating that the ransomware gang hacked the company's servers and stole data during the attack. The message says that the company must pay 100 bitcoins to an enclosed bitcoin address, or the threat actors will publicly release the documents.

     

    You can read the entire extortion message below:

    Hi, this is DarkSide.

     

    It took us a lot of time to hack your servers and access all your accounting reporting. Also, we got access to many financial documents and other data that can greatly affect your reputation if we publish them.

    It was difficult, but luck was helped by us - one of your employees is extremely unqualified in network security issues. You could hear about us from the press - recently we held a successful attack on the Colonial Pipeline.

     

    For non-disclosure of your confidential information, we require not so much - 100 bitcoins. Think about it, these documents may be interested not only by ordinary people, but also the tax service and other organizations, if they are in open access ... We are not going to wait long - you have several days.

     

    Our bitcoin wallet - bc1qcwrl3yaj8pqevj5hw3363tycx2x6m4nkaaqd5e

    According to Trend Micro, all of the emails use the same bitcoin address. An extortion demand submitted through a site's contact form and seen by BleepingComputer showed that this bitcoin address is bc1qcwrl3yaj8pqevj5hw3363tycx2x6m4nkaaqd5e.

     

    At this time, the bitcoin address has received no payments and likely will not receive any in the future, considering the ridiculous $3.6 million demand.

     

    Trend Micro states that the emails they have seen are being sent from the darkside@99email[.]xyz and darkside@solpatu[.]space email addresses, with 99email[.]xyz being a throwaway email account service.
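A mail-filter check built from the indicators above, as an added example that is not from the article or from Trend Micro: it matches the two sender domains in the sender headers and the shared bitcoin address in the body, which is the only indicator that survives when the demand arrives through a contact form. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators quoted in the article (sender domains refanged for matching).
SENDER_DOMAINS = {"99email.xyz", "solpatu.space"}
BTC_ADDRESS = "bc1qcwrl3yaj8pqevj5hw3363tycx2x6m4nkaaqd5e"

def body_text(msg):
    """Join the decoded text parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def match_indicators(raw_message):
    """Return the list of article indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = []
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        if domain in SENDER_DOMAINS:
            hits.append(f"sender:{header}:{domain}")
    # Contact-form relays carry the site's own sender, so the wallet in the
    # body is the only indicator there; drop whitespace so a wrapped address matches.
    if BTC_ADDRESS in re.sub(r"\s+", "", body_text(msg)).lower():
        hits.append("btc_address")
    return hits

# Constructed sample messages (not real captures).
SAMPLE_DIRECT = ("From: DarkSide <darkside@99email.xyz>\nSubject: hello\n\n"
                 f"Our bitcoin wallet - {BTC_ADDRESS}\n")
SAMPLE_FORM = ("From: Website form <webform@example.com>\nSubject: Contact\n\n"
               f"Message: Our bitcoin wallet - {BTC_ADDRESS[:20]}\n{BTC_ADDRESS[20:]}\n")
SAMPLE_BENIGN = "From: billing@example.org\nSubject: Invoice\n\nInvoice attached.\n"

if __name__ == "__main__":
    for name in ("SAMPLE_DIRECT", "SAMPLE_FORM", "SAMPLE_BENIGN"):
        print(name, match_indicators(globals()[name]))
```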

     

    It is not clear why the wannabe extortionists are only targeting the food and energy sectors, but it is believed to be because recent victims in those industries have been quick to pay a ransom.

     The industries targeted by the fake DarkSide campaign
    Source: Trend Micro

    After Colonial Pipeline was attacked, they paid a $4.4 million ransom to DarkSide, with the majority of the ransom later recovered by the FBI.

     

    Likewise, meat producer JBS paid $11 million to REvil after a ransomware attack.

     

     
