The Week in Dark Web – 27 September 2021 – Rise of Ransomware Attacks

September 27, 2021
Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. New ransomware attacks, company database thefts, and customer data theft are on the rise and made headlines this week.

Customer Database of a Food Delivery From France Leaked On The Dark Web

On September 23, 2021, a vendor claimed to share a user database allegedly belonging to a food delivery firm from France on a dark web forum monitored by SOCRadar. The Lyon-based victim company is engaged in food delivery and has a revenue of $6 million. According to the dark web post, the shared database contains full names, emails, addresses, and phone numbers of 17.7 thousand users.

Unauthorized Access Sale Detected For a Thai Company On The Dark Web

On September 24, 2021, on a dark web forum monitored by SOCRadar, a vendor attempted to sell unauthorized access allegedly for a Thai firm. The dark web vendor claimed that the victim firm produces chemical mixtures and fertilizers for households and has over $2 million in revenue. The vendor also stated that the buyer would have VPN and RDP access at the admin level.

The New Ransomware Victim of RansomExx

On September 20, 2021, SOCRadar detected a post on the RansomExx (Defray777) ransomware group website allegedly announcing a ransomware attack that targeted a manufacturing firm from Saudi Arabia. Established in 1990, the victim corporation controls the supply of corrugated packaging in the MENA region. The group behind the attack, known as RansomExx, is also responsible for last month’s ransomware attack on GIGABYTE, a computer hardware giant. The ransom gang threatened to leak banking data, licenses, certificates, agreements, contracts, and similar sensitive information belonging to the victim organization if it did not cooperate with the group.

RDP Access Sale Detected For An Automotive Company from Qatar

On September 22, 2021, on a dark web forum monitored by SOCRadar, a dark web vendor offered to sell Remote Desktop Protocol (RDP) access allegedly for an automotive company from Qatar. According to the vendor, the buyer would have access to web servers and databases, including 400 GB of company information. The vendor also stated that the victim firm has seven stores in Qatar with 80 employees.

User Database of LinkedIn Allegedly Put For Sale On The Dark Web

On September 21, 2021, a vendor offered to sell a user database allegedly belonging to LinkedIn on a dark web forum monitored by SOCRadar. While the dark web vendor did not give any details about how the database was obtained, the surfaced details contained full names, addresses, gender, birth years, phone numbers, and other personally identifiable information (PII) of over 710 million users. The vendor also stated that the database is up to date.


Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring every source is simply not feasible: it is time-consuming as well as challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.