The Week in Dark Web – 28 February 2022 – Ransomware Attacks and Data Leaks

February 28, 2022
Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Once again, a rise in ransomware attacks, several database thefts, and stolen customer data made the headlines.

The New Ransomware Victim of AlphVM Blackcat

On February 25, 2022, on the AlphVM Blackcat ransomware group website, SOCRadar detected a post allegedly announcing a ransomware attack that targeted one of the largest solar module manufacturers in the world. The company, headquartered in Shanghai, has over 13,500 employees globally and distributes its solar products all around the world. According to the ransomware post, the data dump has 4 TB of sensitive information, including technical details of solar modules and complete financial information for the last three years.

Customer Database of a Russian Express Delivery Corporation on The Dark Web

On a dark web forum monitored by SOCRadar, a vendor posted an allegedly leaked database belonging to an express delivery company from Russia. The victim corporation is a long-established organization that has delivered goods to 252 countries worldwide over two decades. There is no information about how the vendor obtained the database. However, according to the vendor’s claim, the leaked database includes customers’ full names and phone numbers.

A Database Including PII of Indian Government Employees on Sale

On February 25, 2022, on a dark web forum monitored by SOCRadar, a dark web vendor offered to sell a database containing personally identifiable information belonging to Indian government employees. There is no information about how the vendor obtained the database. However, according to the vendor’s claim, the database comprises full names, addresses, and various sensitive information.

User Databases of Cryptocurrency Websites on Sale

On February 24, 2021, on a dark web forum monitored by SOCRadar, a dark web vendor offered to sell a database containing personally identifiable information belonging to users of 5 different cryptocurrency websites. According to the vendor’s claim, the database was obtained by phishing and comprises various sensitive information of over 600 thousand users.

A Database Including PII of 81 million Mexican Voters for Sale on The Dark Web


On a dark web forum monitored by SOCRadar, a dark web vendor offered to sell a database containing personally identifiable information belonging to Mexican voters. There is no information about how the vendor obtained the database. However, according to the vendor’s claim, the database comprises full names, addresses, and various sensitive information of over 80 million citizens. The vendor also stated that samples would be provided if requested.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming as well as challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to keep up with the latest posts of threat actors and groups, filtered by targeted country or industry.