Several organizations in the oil, gas and food sectors have received threatening emails from cybercriminals claiming to be the operators of the DarkSide ransomware. According to Trend Micro researchers who analyzed the messages, the criminals are using the DarkSide name to run a scare campaign. In the emails, they warn victims that the group has successfully compromised their corporate network and stolen confidential information. The stolen data will be published unless the company pays a ransom of 100 bitcoins (about US$3.8 million).
DarkSide often provides proof that sensitive data has been stolen; however, in one of the more recent attacks they did not provide such proof. The organizers of the current campaign also made the mistake of citing in their emails alleged previous DarkSide attacks that have recently featured in media headlines. For example, the messages point to an attack on the world’s largest meat producer, JBS, but this incident was officially attributed to the REvil group (Sodinokibi), not DarkSide.
As experts noted, DarkSide operators typically demand between $200,000 and $2 million, not the nearly $4 million demanded in the investigated campaign.
The campaign sent emails to companies in Japan, Argentina, Australia, Canada, India, the United States, China, Colombia, Mexico, the Netherlands, Thailand and the United Kingdom.