Scammers impersonate DarkSide hack group

Scammers impersonate DarkSide group
Written by Emma Davis

Scammers impersonate the already defunct DarkSide hack group and are sending ransom letters to companies in the energy and food sectors, Trend Micro reports.

It is unclear why the imitators chose these particular industries, but it can be assumed that this is due to the fact that companies operating in these areas tend to pay money to the ransomware operators.

Scammers impersonate DarkSide group
Let me remind you that the ransomware group DarkSide announced that it was stopping work last month, after the scandalous attack on the Colonial Pipeline company, which attracted too close attention of the authorities to hackers.

The group behind the DarkSide malware has been active since August 2020 and operated under the Ransomware as a Service (RaaS) scheme, actively advertising malware on the darknet and collaborating with other hack groups.

As a result, DarkSide was a classic “big game hunter”, that is, it attacked large corporate networks, encrypted data, and then demanded huge ransoms from the affected companies.

If the victims refused to pay, DarkSide members published the stolen data on their website on the darknet.

Trend Micro experts warn that a new ransomware campaign was discovered in June. In it attackers impersonate DarkSide operators. Fraudulent emails that attackers send using contact forms on victims’ websites, for example, claim that the hackers have successfully compromised the target’s network and gained access to confidential information that will be “leaked” into the public domain if the victims do not pay a ransom 100 bitcoins (over $3 million).

Scammers impersonate DarkSide group
All letters from the attackers use the same bitcoin address: bc1qcwrl3yaj8pqevj5hw3363tycx2x6m4nkaaqd5e. No payments have been made to this address to date, and this will not change, given the enormous size of the ransom requested.

Trend Micro experts write that the emails they managed to study were sent from darkside@99email[.]xyz and darkside @ solpatu[.]space, and the account at 99email.xyz is a disposable mailbox.

However, as we reported, Experts traced DarkSide group bitcoin wallets.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.