Scammers are impersonating the DarkSide ransomware gang

Someone out there is impersonating the infamous DarkSide ransomware gang and trying to trick companies in the energy and food industries into parting with 100 Bitcoins, Trend Micro warns.

But the campaign is not producing the desired results, because the Bitcoin wallet to which the ransom should be directed has yet to receive or send any payment.

The message

The threat actor is contacting a few targets each day, either by sending an email to companies’ generic email addresses or by entering the same text into contact web forms on their official websites.

The threat actor claims to have breached the company’s servers and to have access to sensitive company data, but offers no actual proof. Instead, they are hoping that invoking the DarkSide name will push companies into making a rash decision. But so far, that trick hasn’t paid off.

Impersonating DarkSide (badly)

Compared to the real DarkSide gang’s activities, this spam campaign and scam attempt is pretty amateurish, Trend Micro researcher Cedric Pernet noted.

“DarkSide has always been able to show proof that they obtained stolen sensitive data,” he pointed out.

“Also, like most modern ransomware attacks, DarkSide launched the ransomware to paralyze their target’s operations before demanding ransom. Here, there is no encryption of any content on the target network; the actors just send a threat and a ransom demand based on the assertion that they reportedly have the data.”

This threat actor mentions the attack on meat supplier JBS and takes credit for it, but a simple web search will immediately tell targets that that attack has been attributed to the REvil (aka Sodinokibi) ransomware gang.

Be careful

It seems that the only good decisions made by the threat actor are to use Tor to hide their IP address and to try to target companies in the energy and food industries, as they are historically preferred targets of ransomware gangs.

“In the campaign we spotted, fortunately no one actually paid, probably due to the questionable details in the email. However, this does not remove the possibility that an attacker with more believable methods could successfully ensnare targets,” Pernet pointed out.

Recent research has shown that 60 percent of organizations would consider paying in the event of a ransomware attack.

Still, it is unlikely they would shell out 100 Bitcoin (currently nearly $4 million) without confirming the validity of the threats.
