SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 15 November 2021 – Ransomware Attacks and Data Leaks


Nov 15, 2021
3 Mins Read

The Week in Dark Web – 15 November 2021 – Ransomware Attacks and Data Leaks

Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Again, rise of ransomware attacks, some database thefts, and stealing customer data, that took their place on the headlines this week. Click here to read the last weeks post.

Find out if your data has been exposed on the deep web.

Receive a Free Deep Web Report for Your Organization

Unauthorized Network Access Sale Detected For A Telecommunication On The Dark Web

On November 11, a dark web vendor offered to sell unauthorized network access for an international telecommunication firm from the UK on a dark web forum monitored by SOCRadar. According to the dark web post, the buyer would have VPN access to the firm’s web corporate systems and servers. The vendor also stated that the victim firm has a revenue of $1 billion.

The New Ransomware Victim of Conti

On November 8, SOCRadar detected a post allegedly announcing a ransomware attack that targeted a firm from Germany on the Pysa ransomware group website. Established in Bremen, the victim corporation is engaged in customized logistics. The group behind the attack, known as Pysa dumped various victims onto their announcing site this week following US law enforcement officials published a series of actions against ransomware gangs.

Customer Database of An Educational Institution From Indonesia Leaked On The Dark Web

On November 9, a vendor claimed to have databases allegedly belonging to an educational institution from Indonesia on a dark web forum monitored by SOCRadar. Jakarta based victim organization is engaged in finance. According to the dark web post, breached SQL database contains personally identifiable information (PII) of thousands of customers.

Unauthorized Network Access For A Swedish Company Put On Sale

On November 8, on a dark web forum tracked by SOCRadar, a vendor attempted to sell unauthorized access allegedly for a Swedish company. While the dark web vendor did not give the name of the victim firm, it is claimed that its revenue is more than $344 million. The buyer would have the ability to manage access and permissions based on both the endpoint device and the user. Further, the dark web vendor auctioned the access, setting a starting price of $500.

Databases Containing PII Belonging to The Customers of Many Companies from Gulf Countries Leaked On The Dark Web

On November 13, a vendor attempted to sell a database allegedly containing personally identifiable information (PII) belonging to the customers of many firms from Gulf Countries on a dark web forum tracked by SOCRadar. According to the dark web post, the surfaced details include full names, emails, addresses and various personally identifiable information (PII). While it is unclear and how the vendor obtained the database, the dark web vendor stated that there is information belonging to more than 270 thousand customers of 4 companies. The vendor also gives the country names of the victim firms as Saudi Arabia, Qatar, Bahrain and Oman.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources which can be time-consuming as well as challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by targeted country or industry.