fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fake DarkSide Gang Targets Energy, Food Industry in Extortion Emails

Fake DarkSide Gang Targets Energy, Food Industry in Extortion Emails

Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors.

The Darkside ransomware operation launched in August 2020, targeting corporate networks and demanding millions of dollars for a decryptor and a promise not to release stolen data.

After hitting Colonial Pipeline, the largest fuel pipeline in the US, the ransomware gang was thrust into the spotlight, with the US government and law enforcement shifting their focus to the group.

This increased scrutiny by enforcement led to DarkSide suddenly shutting down its operation in May out of fear of being arrested.

Since then, there has been no additional activity from its group or known aliases.

Also Read: 3 Reasons Why You Must Take a PDPA Singapore Course

Extortionists impersonate DarkSide gang

In a new report, Trend Micro researchers reveal that a new extortion campaign started in June where threat actors are impersonating the DarkSide ransomware gang.

“Several companies in the energy and food industry have recently received threatening emails supposedly from DarkSide,” explains Trend Micro researcher Cedric Pernet.

“In this email, the threat actor claims that they have succesfully hacked the target’s network and gained access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid.”

This new extortion campaign consists of emails sent to companies or through their website contact forms that state the ransomware gang hacked the company’s servers and stole data during the attack. The email says that the company must pay 100 bitcoins to an enclosed bitcoin address, or threat actors will publicly release the documents.

You can read the entire extortion message below:

Hi, this is DarkSide.

It took us a lot of time to hack your servers and access all your accounting reporting. Also, we got access to many financial documents and other data that can greatly affect your reputation if we publish them.
It was difficult, but luck was helped by us – one of your employees is extremely unqualified in network security issues. You could hear about us from the press – recently we held a successful attack on the Colonial Pipeline.

For non-disclosure of your confidential information, we require not so much – 100 bitcoins. Think about it, these documents may be interested not only by ordinary people, but also the tax service and other organizations, if they are in open access … We are not going to wait long – you have several days.

Our bitcoin wallet – bc1qcwrl3yaj8pqevj5hw3363tycx2x6m4nkaaqd5e

According to Trend Micro, all of the emails use the same bitcoin address. An extortion demand submitted through a site’s contact form and seen by BleepingComputer showed that this bitcoin address is bc1qcwrl3yaj8pqevj5hw3363tycx2x6m4nkaaqd5e.

At this time, the bitcoin address has seen no payments and will likely not in the future, considering the ridiculous $3.6 million bitcoin demand.

Trend Micro states that the emails they have seen are being sent from the darkside@99email[.]xyz and darkside@solpatu[.]space email addresses, with 99email.xyz account being a throwaway email account service.

It is not clear why the wannabe extortionists are only targeting the food and energy sector, but it is believed to be because recent attacks in those industries have been quick to pay a ransom.

 The industries targeted by the fake DarkSide campaign
 The industries targeted by the fake DarkSide campaign
Source: Trend Micro

After Colonial Pipeline was attacked, they paid a $4.4 million ransom to DarkSide, with the majority of the ransom later recovered by the FBI.

Also Read: The Difference Between GDPR and PDPA Under 10 Key Issues

Likewise, meat producer JBS paid $11 million to REvil after a ransomware attack.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us