New ransomware group claims to have hit Canadian corporate giant

A new ransomware group says a Toronto-based billion-dollar company is allegedly one of its first victims of a new ransomware group calling itself DarkSide. The new group is demanding payment or threatening to release the copied corporate files publically.

IT World Canada isn’t identifying the publicly-traded company until the data breach is confirmed, but according to a posting today on the group’s dark web site some 200 GB of information including employee files, finance and payroll records and business plans were copied before encryption.

“If you need proof we are ready to provide you with it,” the gang says on the site. “The data is preloaded and will be automatically published if you do not pay. After publication your data will be available [to others] for at least six months on our tor cdn servers.”

Darkside revealed itself on the web 10 days ago, stating “We are a new product on the market, but that does not mean that we have no experience and we came from nowhere. We received millions of dollars in profit by partnering with other well-known cryptolockers. We created DarkSide because we didn’t find the perfect product for us. Now we have it.”

The gang appears to be another threat actor that has quickly taken advantage of the recent trend of combining ransomware with data theft. Defenders were often successful at fending off ransomware demands if they had good backups. But armed with what they hope will be sensitive data, ransomware gangs are increasing the pressure on victims by threatening to release files to the public — which would embarrass the company and damage its reputation — or to other criminals.

The DarkSide website says, “Based on our principles we will not attack the following targets: Medicine, education, non-profit organizations, government. We only attack targets that can pay the requested amount, we do not want to kill your business. Before any attack, we analyze your accountancy and determine how much you can pay based on your net income. You can ask all your questions in the chat before paying and our support team will answer them.”

According to the news site Bleeping Computer, Darkside has sent ransom notes to victims between $200,00 and $2 million.

“The big game hunters are successfully hunting ever bigger game,” commented Brett Callow, a British-Columbia based threat analysts for Emsisoft. “As a result, ransom demands are increasing, the criminals’ revenues are increasing and, consequently, they have more to invest in ramping up their operations in terms of both scale and sophistication. In other words, we have a vicious circle in which the criminals keep on becoming better resourced and able to attack more companies, more effectively.
“Companies in the financial sector make for particularly attractive targets as, due to the sensitivity of the information they hold, actors probably perceive them to be among the most likely to pay to prevent their clients’ data leaking onto the dark web or being publicly auctioned.
“Companies in this situation are without good option. Even if a company chooses to pay the ransom, all it will receive is a pinky promise from a bad faith actor that the stolen data will be destroyed. Whether the groups do ever delete is something only they know, but I suspect they do not. Why would they?”

 

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now