Canadian corporate giant is hit by a new dangerous ransomware group
A Toronto-based billion-dollar company is reportedly the first victim of a new ransomware group that calls itself DarkSide. The group is demanding payment and threatening to publicly release copied corporate files.
IT World Canada did not identify the publicly traded company pending confirmation of the data breach, but according to today's post on the group's dark web site, about 200 GB of information, including employee files, finance and payroll records, and business plans, has been copied by the attackers.
"If you need evidence, we are ready to provide it," the gang says on the site. "The data is pre-loaded and will be published automatically if you don't pay. After publishing, your data will be available [to others] for at least six months on tor cdn servers."
DarkSide revealed itself on the web 10 days ago, saying, “We are a new product on the market, but that doesn't mean we have no experience and that we came out of nowhere. We've had millions of dollars in profits partnering with other well-known crypto operators. We created DarkSide because we didn't find the perfect product for us. Now we have it.”
The gang appears to be another threat actor that has quickly capitalized on the recent trend of combining ransomware and data theft. Defenders often succeed in fending off ransomware demands if they have good backups. But armed with what they hope will be sensitive data, ransomware gangs are increasing pressure on victims by threatening to release files to the public, which would embarrass the company and damage its reputation, or to other criminals.
DarkSide says, “Based on our principles, we will not attack the following targets: medicine, education, non-profit organizations, and government. We only attack targets that can pay the required amount, and we don’t want to kill your business. Before any attack, we analyze your accountability and determine how much you can pay based on your net income. You can ask all your questions in the chat before paying and the support team will answer them.”
According to the news site Bleeping Computer, DarkSide has sent victims ransom notes demanding between $200,00 and $2 million.
“The big game hunters are hunting for bigger game than ever,” commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. “As a result, ransom demands are increasing, criminals’ revenue is increasing, and therefore, they have more to invest in ramping up their operations in scale and complexity. In other words, we have a vicious circle in which criminals continue to improve resources and the ability to attack more companies more effectively.
“Firms in the financial sector are particularly attractive targets. Given the sensitivity of the information in their possession, it is likely that representatives will realize that they are among the most likely to pay to prevent their customers' data from leaking onto the dark web or being put up for auction.
“Companies in this case don't have a good choice. Even if the company chooses to pay the ransom, all it will get is a pinky promise from a bad-faith actor that the stolen data will be destroyed. Whether the groups are deleting is something that no one else knows, but I suspect they are. They don't. Why are they?”