Ransomware Gangs threaten to sell or publish Victims' Data if Not Paid

Discussion in 'malware problems & news' started by mood, Feb 3, 2020.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    "Colonial Pipeline Hacking Group [DarkSide] Claims Responsibility for Breaching 3 More Companies

    (Reuters) - The hacking group blamed for crippling a major U.S. pipeline company [DarkSide] has claimed responsibility for breaking into three more companies on Wednesday, saying it was publishing hundreds of gigabytes of data from a Brazilian battery firm, a Chicago-based tech company, and a British engineering firm..."

    https://www.usnews.com/news/technol...responsibility-for-breaching-3-more-companies
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,264
    Chemical distributor pays $4.4 million to DarkSide ransomware
    May 13, 2021
    https://www.bleepingcomputer.com/ne...butor-pays-44-million-to-darkside-ransomware/
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    113,131
    Location:
    Texas
    DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    "Elliptic has identified the Bitcoin wallet used by the DarkSide ransomware group to receive ransom payments from its victims, based on our intelligence collection and analysis of blockchain transactions.

    The wallet has been active since 4th March 2021 and has received 57 payments from 21 different wallets...

    In total, the DarkSide wallet has received Bitcoin transactions since March with a total value of $17.5 million. Ransoms associated with previous attacks were paid to other wallets...

    ...by tracing previous outflows from the wallet, we can gain insights into how DarkSide and its affiliates were laundering their previous proceeds..."

    https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,325
    Location:
    U.S.A.
    The question is if they can trace the other bitcoin alternatives: https://www.brsoftech.com/blog/bitcoin-alternatives/ ?

    I would say as long as some form of anonymous digital currency exists, ransomware attacks will persist.
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    "Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups...

    XSS, a popular cybercriminal forum, has outright banned ransomware sales, ransomware rental, and ransomware affiliate programs on their platform, according to an announcement released in Russian...

    ...an administrator of XSS said the decision to outlaw the ransomware activities of active groups like REvil, Babuk, Darkside, LockBit, Nefilim, and Netwalker was due to 'ideological differences' as well as the increased media attention resulting from latest high profile attacks...

    The statement said the 'critical mass of nonsense, hype, and noise' was leading to concerns among the forum's members about law enforcement. They cited a recent comment from Dmitry Peskov, press secretary for Russian President Vladimir Putin, that said the Russian state was not involved in the attack on Colonial Pipeline.

    'Peskov is forced to make excuses in front of our overseas 'friends' – this is a bit too much,' the statement said..."

    https://www.zdnet.com/article/russi...ss-bans-darkside-and-other-ransomware-groups/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,264
    Ransomware ads now also banned on Exploit cybercrime forum
    May 14, 2021
    https://www.bleepingcomputer.com/ne...-now-also-banned-on-exploit-cybercrime-forum/
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    "DarkSide Ransomware has Netted Over $90 million in Bitcoin...

    In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets. According to DarkTracer, 99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million..."

    https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    "Ransomware hits near pre-Colonial Pipeline levels, data suggests

    Digital extortion attempts are returning to their pre-Colonial Pipeline levels, according to data and interviews with some incident responders, suggesting that the upheaval around the hack that paralyzed a major U.S. fuel conduit has yet to curb cybercriminals’ appetite for ransoms...

    ...The sites, which the hackers use to pressure their victims into paying up by leaking reams of sensitive data, are now 'back to normal' he said, with 10-15 victims posted daily...

    Data privately tracked by ID Ransomware - a malware identification site run by Emsisoft researcher Michael Gillespie - shows that submissions of malicious software dropped sharply in the days following news of the Colonial hack, only to rise higher than before..."

    https://www.reuters.com/technology/...ine-levels-data-suggests-2021-05-18/?rpc=401&
     
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    "DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates

    A shadow court system for hackers shows how professional ransomware gangs have become...

    Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted; so, they’re turning to admins of the group’s Dark Web criminal forum to sort things out in what researchers call a 'shady version of the People’s Court'...

    Specifically...has observed a growing number of complaints being submitted claiming DarkSide is in breach of the terms of its affiliate program. The claims are being settled among admins in a well-defined “hackers’ courtroom” and payments made by admins out of a DarkSide deposit they control..."

    https://threatpost.com/darkside-hackers-court-paying-affiliates/166393/
     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,296
    Location:
    Slovenia
    Risk and reward: Nefilim ransomware gang mainly targets fewer, richer companies and that strategy is paying off, warns Trend Micro
    https://www.theregister.com/2021/06/09/trend_micro_nefilim_ransomware_research/
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,296
    Location:
    Slovenia
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,447
    Location:
    DC Metro Area
    U.S. nuclear weapons contractor Sol Oriens hit by Russia-linked cyberattack

    "...Sol Oriens, LLC, is a Department of Energy National Nuclear Security Administration subcontractor. Its employees work on sensitive matters related to nuclear weapons and energy.

    The National Nuclear Security Administration is the government agency responsible for maintaining and securing the nation’s nuclear weapons stockpile. It works on nuclear applications for the US military, along with other highly sensitive missions...

    The attack was the work of REvil...

    Sol Oriens...employees have connections to key strategic national security entities, such as Sandia National Laboratories, and Los Alamos National Laboratory...

    For now, the [stolen] data posted [by REvil] seems benign..."

    https://www.motherjones.com/politic...and-some-of-them-are-military-subcontractors/
     
    Last edited: Jun 10, 2021
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,264
    Fake DarkSide gang targets energy, food industry in extortion emails
    June 18, 2021
    https://www.bleepingcomputer.com/ne...ets-energy-food-industry-in-extortion-emails/
    Trend Micro: Fake DarkSide Campaign Targets Energy and Food Sectors
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,296
    Location:
    Slovenia
    Hit by a ransomware attack? Your payment may be deductible
    https://techxplore.com/news/2021-06-ransomware-payment-deductible.html
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,264
    New LV Ransomware Variant Hijacks Malicious Binaries Used by REvil Operators
    Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes
    June 23, 2021
    https://www.theregister.com/2021/06/23/revil_ransomware_lv/
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,264
    Nephilim: the hacker group that threatens the wealthiest
    June 23, 2021
    https://www.entrepreneur.com/article/375502
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,264
    Healthcare giant Grupo Fleury hit by REvil ransomware attack
    June 23, 2021
    https://www.bleepingcomputer.com/ne...-grupo-fleury-hit-by-revil-ransomware-attack/
     