A new ransomware group calling itself DarkSide says a Toronto-based billion-dollar company is one of its first victims. The group is demanding payment or threatening to release the copied corporate files publicly.
IT World Canada isn’t identifying the publicly traded company until the data breach is confirmed, but according to a posting today on the group’s dark web site, some 200 GB of information, including employee files, finance and payroll records and business plans, was copied before encryption.
“If you need proof we are ready to provide you with it,” the gang says on the site. “The data is preloaded and will be automatically published if you do not pay. After publication your data will be available [to others] for at least six months on our tor cdn servers.”
DarkSide revealed itself on the web 10 days ago, stating, “We are a new product on the market, but that does not mean that we have no experience and we came from nowhere. We received millions of dollars in profit by partnering with other well-known cryptolockers. We created DarkSide because we didn’t find the perfect product for us. Now we have it.”
The gang appears to be another threat actor that has quickly taken advantage of the recent trend of combining ransomware with data theft. Defenders were often successful at fending off ransomware demands if they had good backups. But armed with what they hope will be sensitive data, ransomware gangs are increasing the pressure on victims by threatening to release files to the public — which would embarrass the company and damage its reputation — or to other criminals.
The DarkSide website says, “Based on our principles we will not attack the following targets: Medicine, education, non-profit organizations, government. We only attack targets that can pay the requested amount, we do not want to kill your business. Before any attack, we analyze your accountancy and determine how much you can pay based on your net income. You can ask all your questions in the chat before paying and our support team will answer them.”
According to the news site Bleeping Computer, DarkSide has sent victims ransom notes demanding between $200,000 and $2 million.