DarkSide's influence has been so great that, even after the gang's decline, its effects and aftershocks still haunt businesses to an extreme extent. DarkSide is the ransomware gang that made headlines worldwide when it disrupted Colonial Pipeline.
Many global organizations in the food, oil, and gas sectors are now being targeted by different groups posing as DarkSide. They are receiving threatening emails from unknown senders who call themselves DarkSide. The style of the emails indicates that they do not come from the real DarkSide; the senders are simply borrowing the name, made notorious by the Colonial Pipeline incident, to extract a ransom and increase the pressure on victims.
The difficult part is that there is no way to confirm whether the senders have actually hacked anything. Unlike DarkSide, the group has provided no evidence of having accessed any data, and its approach differs markedly from DarkSide's usual style.
The emails are straightforward threats: they stress that refusing to pay will cause the victim huge losses, including public humiliation. The group demands a ransom of 100 bitcoins and claims to have accessed all kinds of financial documents and other sensitive data.
Cybersecurity experts hope that no ransom will be paid before there is actual evidence that data was stolen.
Cybersecurity experts have noticed several things about the threatening emails. The same bitcoin wallet appears at the end of every email. The campaign mostly targets Japan, followed by other countries such as Australia, Canada, the U.S., Argentina, and India. It is also affecting China, Colombia, Mexico, the Netherlands, Thailand, and the U.K.
The gang's bitcoin wallet is also empty, showing no record of any payment sent or received. Cyber attacks on essential organizations such as the food sector, especially for ransom, are gradually increasing. This is believed to be because these sectors serve the general public, provide things that are crucial for survival, and cannot simply be shut down.
Trend Micro observed the emails hitting a few targets daily, starting June 4. The messages were sent to generic email addresses within the organizations (i.e., addresses such as “[email protected][companyname].com” or similar). The sender addresses are [email protected][.]xyz and [email protected][.]space.
“In one case, we were able to get the sender’s IP address, 205[.]185[.]127[.]35, which happens to be a Tor network exit node,” researchers said.
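The observations above (generic recipient mailboxes, .xyz/.space sender domains, a 100 BTC demand with one shared wallet, and a known sender IP on a Tor exit node) can be turned into a simple mail-triage rule. The following is an added example, not Trend Micro's tooling; the sample messages and the wallet string are constructed, and the indicator set is only what the article reports.

```python
"""Triage rule for the DarkSide-impersonation extortion emails described above.
Indicators come from the article: senders on .xyz / .space domains, delivery to
generic mailboxes, a 100 BTC demand, a shared wallet, and one observed sender IP."""
import re

SENDER_TLDS = {"xyz", "space"}
GENERIC_MAILBOXES = {"info", "contact", "sales", "admin", "office", "support"}
KNOWN_SENDER_IPS = {"205.185.127.35"}  # from the article; a Tor exit node
# Bech32 or legacy Base58 bitcoin address shapes (loose match, used as a hint only).
BTC_ADDR = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
RANSOM_DEMAND = re.compile(r"\b100\s*(?:btc|bitcoins?)\b", re.I)

def score_email(msg):
    """Count matching indicators for one message dict (from, to, ip, body)."""
    reasons = []
    if msg["from"].rsplit(".", 1)[-1].lower() in SENDER_TLDS:
        reasons.append("sender on .xyz/.space domain")
    if msg["to"].split("@", 1)[0].lower() in GENERIC_MAILBOXES:
        reasons.append("sent to generic mailbox")
    if msg.get("ip") in KNOWN_SENDER_IPS:
        reasons.append("known sender IP (Tor exit node)")
    body = msg["body"]
    if "darkside" in body.lower():
        reasons.append("claims to be DarkSide")
    if RANSOM_DEMAND.search(body):
        reasons.append("100 BTC demand")
    if BTC_ADDR.search(body):
        reasons.append("bitcoin wallet in body")
    return len(reasons), reasons

def triage(messages, threshold=3):
    """Return ids of messages that hit at least `threshold` indicators."""
    return [m["id"] for m in messages if score_email(m)[0] >= threshold]

# Constructed samples: one lookalike extortion mail, one normal mail to a
# generic mailbox, one newsletter that merely mentions DarkSide.
SAMPLES = [
    {"id": "m1", "from": "darkside@mail-example.xyz", "to": "info@victim.example",
     "ip": "205.185.127.35",
     "body": "We are DarkSide. Pay 100 bitcoins to bc1qexampleplaceholder000000000000 "
             "or your financial documents will be published."},
    {"id": "m2", "from": "partner@supplier.example", "to": "info@victim.example",
     "ip": "198.51.100.7", "body": "Attached is the revised invoice for June."},
    {"id": "m3", "from": "noreply@news.space", "to": "jane.doe@victim.example",
     "ip": None, "body": "This week's coverage of DarkSide ransomware."},
]
```

Only the message that stacks several indicators is flagged; a single hit (a generic mailbox, or a mere mention of DarkSide) stays below the threshold, and a flagged message is a prompt to verify the claimed breach, not proof of one.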
Security agencies advise that companies verify and recheck whether an attack has actually occurred before giving in to the ransom demands.