DarkSide ransomware gang returns as new BlackMatter operation

Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. After conducting an attack on Colonial Pipeline, the US’s largest fuel Read More …

US chemical distributor shares info on DarkSide ransomware data theft

World-leading chemical distribution company Brenntag has shared additional info on what data was stolen from its network by DarkSide ransomware operators during an attack from late April 2021 that targeted its North America division. Brenntag is the second largest in Read More …

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. Read More …

FBI Claws Back Millions of DarkSide’s Ransom Profits

United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice (DOJ) and FBI announced in a joint press conference on Monday. “Today we turned Read More …

Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups

Cybersecurity researchers with Flashpoint, Digital Shadows’ Photon Research Team and other firms have confirmed that XSS, a popular cybercriminal forum, has outright banned ransomware sales, ransomware rental, and ransomware affiliate programs on their platform, according to an announcement released in Read More …

DarkSide ransomware servers reportedly seized, operation shuts down

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. This news was shared by a threat actor known as ‘UNKN’, the public-facing representative of Read More …

Colonial Pipeline paid close to $5 million in ransomware blackmail payment

Colonial Pipeline reportedly paid the ransomware group responsible for a cyberattack last week close to $5 million to decrypt locked systems. On Thursday, Bloomberg reported that two people close to the matter said a blackmail demand was agreed to within Read More …

Hacker group behind Colonial Pipeline attack claims it has three new victims

The hacker group DarkSide claimed on Wednesday to have attacked three more companies, despite the global outcry over its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic buying on the East Coast of the Read More …