A fake group claiming to be the DarkSide ransomware gang is targeting organizations in the food and energy sectors by sending hoax emails to extort ransoms from victims, a report by security firm Trend Micro says.
None of the victims has detected any compromise so far.
Trend Micro says the ongoing email campaign started on June 4, with the attackers sending hoax ransom notes exclusively to victims in the food and energy sectors. In the email, the attackers claim the victims’ networks have been breached and demand a ransom of 100 bitcoins ($3.6 million). They threaten to leak the allegedly stolen data if the victims fail to pay.
However, because none of the email recipients reported any network compromise, and because the bitcoin wallet listed in the ransom note has not received or sent any Bitcoin payment, Trend Micro notes that the group appears to be a fake DarkSide group.
“DarkSide has always been able to show proof that they obtained stolen sensitive data. They also lead their targets to a website hosted on the Tor network,” Trend Micro notes. “However, in this campaign, the email does not mention anything about proving that they have indeed obtained confidential or sensitive information. The content used in the emails has led us to believe that they did not come from the said threat group, but from an opportunistic low-level attacker trying to profit off the current situation around DarkSide ransomware activities.”
The report further notes the campaign hit most victims in Japan, followed by several other countries such as Australia, the U.S., Argentina, Canada, and India. It is also active in China, Colombia, Mexico, the Netherlands, Thailand, and the U.K.