SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 25 October 2021 – New Ransomware Attacks and Data Leaks
Home

Resources

Blog
Oct 25, 2021
3 Mins Read

The Week in Dark Web – 25 October 2021 – New Ransomware Attacks and Data Leaks

Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Again, rise of ransomware attacks, some database thefts, and stealing customer data, that took their place on the headlines this week. Click here to read the last weeks post.

Find out if your data has been exposed on the deep web.

Receive a Free Deep Web Report for Your Organization

Customer Database of A Bank From Indonesia Leaked On The Dark Web

On October 20, a vendor claimed to have databases allegedly belonging to a bank from Indonesia on a dark web forum monitored by SOCRadar. The East Java-based victim bank has over $358 million with more than 5000 employees. According to the dark web post, breached databases and HDD data contain 378 GB of banking information. Also, the vendor wants $250 thousand for the databases.

The New Ransomware Victim Hit By The Groove Ransomware Gang

On October 19, SOCRadar found a post allegedly announcing a ransomware attack targeting a retirement services firm from the US on the Groove groups’ website. Established in 1951, the victim organization provides services for older adults living in their own homes with $7 million. 

A Database Containing Information Belonging to Malaysian Doctors Leaked On The Dark Web

On October 19, a vendor attempted to sell a database allegedly containing personally identifiable information (PII) belonging to Malaysian doctors on a dark web forum monitored by SOCRadar. The surfaced details include full names, emails, phone numbers, and organization names according to the sample. While it is not clear how the database was obtained, the dark web vendor stated that there is information of 1700 doctors in the database.

Unauthorized Access Sale Detected For A Company From Singapore On The Dark Web

On October 22, on a dark web forum monitored by SOCRadar, a vendor attempted to sell unauthorized access allegedly for an insurance company from Canada. While the dark web vendor did not give the firm’s name, it is stated that the victim company is engaged in insurance services in Ontario. The vendor also noted that the buyer would have VPN access to the devices on the system. 

The New Ransomware Victim of Conti

On October 9, a vendor claimed to have a user database allegedly belonging to a digital distribution platform operating globally on a dark web forum monitored by SOCRadar. The victim platform is engaged in purchasing and playing games. According to the dark web post, the shared database contains 2.3 GB of data, including full names, emails, phone numbers, and passwords. 


Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources which can be time-consuming as well as challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by targeted country or industry.