[BreachExchange] New ransomware group claims to have hit Canadian corporate giant

Destry Winant destry at riskbasedsecurity.com
Tue Aug 25 10:10:00 EDT 2020


https://www.itworldcanada.com/article/new-ransomware-group-claims-to-have-hit-canadian-corporate-giant/434880

A new ransomware group calling itself DarkSide says a Toronto-based
billion-dollar company is one of its first victims. The new group is
demanding payment or threatening to release the copied corporate files
publicly.

IT World Canada isn’t identifying the publicly traded company until
the data breach is confirmed, but according to a posting today on the
group’s dark web site, some 200 GB of information, including employee
files, finance and payroll records and business plans, were copied
before encryption.

“If you need proof we are ready to provide you with it,” the gang says
on the site. “The data is preloaded and will be automatically
published if you do not pay. After publication your data will be
available [to others] for at least six months on our tor cdn servers.”

DarkSide revealed itself on the web 10 days ago, stating, “We are a new
product on the market, but that does not mean that we have no
experience and we came from nowhere. We received millions of dollars
in profit by partnering with other well-known cryptolockers. We
created DarkSide because we didn’t find the perfect product for us.
Now we have it.”

The gang appears to be another threat actor that has quickly taken
advantage of the recent trend of combining ransomware with data theft.
Defenders were often successful at fending off ransomware demands if
they had good backups. But armed with what they hope will be sensitive
data, ransomware gangs are increasing the pressure on victims by
threatening to release files to the public — which would embarrass the
company and damage its reputation — or to other criminals.

The DarkSide website says, “Based on our principles we will not attack
the following targets: Medicine, education, non-profit organizations,
government. We only attack targets that can pay the requested amount,
we do not want to kill your business. Before any attack, we analyze
your accountancy and determine how much you can pay based on your net
income. You can ask all your questions in the chat before paying and
our support team will answer them.”

According to the news site Bleeping Computer, DarkSide has sent victims
ransom notes demanding between $200,00 and $2 million.

“The big game hunters are successfully hunting ever bigger game,”
commented Brett Callow, a British Columbia-based threat analyst for
Emsisoft. “As a result, ransom demands are increasing, the criminals’
revenues are increasing and, consequently, they have more to invest in
ramping up their operations in terms of both scale and sophistication.
In other words, we have a vicious circle in which the criminals keep
on becoming better resourced and able to attack more companies, more
effectively.

“Companies in the financial sector make for particularly attractive
targets as, due to the sensitivity of the information they hold,
actors probably perceive them to be among the most likely to pay to
prevent their clients’ data leaking onto the dark web or being
publicly auctioned.

“Companies in this situation are without a good option. Even if a
company chooses to pay the ransom, all it will receive is a pinky
promise from a bad faith actor that the stolen data will be destroyed.
Whether the groups do ever delete is something only they know, but I
suspect they do not. Why would they?”

