fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Chemical Distributor Pays $4.4 Million To DarkSide Ransomware

Chemical Distributor Pays $4.4 Million To DarkSide Ransomware

Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Brenntag is a world-leading chemical distribution company headquartered in Germany but with over 17,000 employees worldwide at over 670 sites.

According to the ICS Top 100 Chemical Distributors report, Brenntag is the second largest in sales for North America.

Brenntag confirms cyberattack

At the beginning of May, Brenntag suffered a ransomware attack that targeted their North America division. As part of this attack, the threat actors encrypted devices on the network and stole unencrypted files.

From the information shared with BleepingComputer by an anonymous source, the DarkSide ransomware group claimed to have stolen 150GB of data during their attack.

To prove their claims, the ransomware gang created a private data leak page containing a description of the types of data that were stolen and screenshots of some of the files.

Private data leak page sent to Brenntag
Private data leak page sent to Brenntag

Also Read: The 3 Main Benefits Of PDPA For Your Business

DarkSide initially demanded a 133.65 Bitcoin ransom, valued at approximately $7.5 million at the time. However, after negotiations, BleepingComputer was told that the ransom demand was decreased to $4.4 million, which was paid two days ago.

From the bitcoin address shared with BleepingComputer, we confirmed that Brenntag sent the ransom to the attackers on May 11th.

Today, Brenntag shared a statement with BleepingComputer confirming that they suffered a security incident but did not outright state it was a ransomware attack.

“Brenntag North America is currently working to resolve a limited information security incident,” Brenntag told BleepingComputer.

“As soon as we learned of this incident, we disconnected affected systems from the network to contain the threat.”

“In addition, third-party cybersecurity and forensic experts were immediately engaged to help investigate. We also informed law enforcement of this incident.”

Gained access through stolen credentials

DarkSide is a Ransomware-as-a-Service (RaaS) operation, which is when the ransomware developers partner with third-party affiliates, or hackers, who are responsible for gaining access to a network and encrypting devices.

As part of this arrangement, the core DarkSide team earns 20-30% of a ransom payment, and the rest goes to the affiliate who conducted the attack.

One of the conditions for most ransomware negotiations is that the affiliate discloses how they gained access to a victim’s network. This could come in the form of a multi-page security audit report or simply a simple paragraph in the Tor chat screen explaining how they gained access.

In this particular case, the DarkSide affiliate claims to have gotten access to the network after purchasing stolen credentials. However, the DarkSide affiliate does not know how the credentials were originally obtained.

DarkSide says they purchase credentials for the network
DarkSide says they purchase credentials for the network

Ransomware gangs and other threat actors commonly use dark web marketplace to purchase stolen credentials, especially those for Remote Desktop credentials.

Last month, BleepingComputer reported how one of the largest RDP marketplaces, UAS, suffered a breach showing that over the past three years they had access to 1.3 million stolen credentials.

While this was an expensive lesson, and unfortunately all-too-common, the attack illustrates the importance of enforcing multi-factor authentication for all logins on a network and putting all Remote Desktop servers behind a VPN.

Also Read: What Do 4 Messaging Apps Get From You? Read the iOS Privacy App Labels

If MFA was enabled for account logins, it is unlikely that the DarkSide affiliate would have gained access to the network.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us