The Week in Dark Web – 4 October 2021 – Ransomware Attacks and Data Leaks


October 4, 2021
Powered by DarkMirror™

This edition covers dark web news from the past week. New ransomware attacks, database leaks, and sales of user information were on the rise and made headlines this week.


The New Ransomware Victim Hit By The Conti Ransomware Gang

On October 2, SOCRadar found a post allegedly announcing a ransomware attack targeting a technology firm from the US on the Conti ransomware group website. Established in 1997, the victim corporation controls the manufacturing of 3D digital scanners and clear aligners used in orthodontics. 

The group behind the attack, known as Conti, is also responsible for last month’s ransomware attack on JVC Kenwood, a Japanese multinational electronics giant. The gang threatened to leak banking data, licenses, certificates, agreements, contracts, and similar sensitive information belonging to the victim organization if it did not cooperate.

Government Database of Indonesia Leaked On The Dark Web

On September 29, a vendor claimed to have a citizen database allegedly belonging to the government of Indonesia on a dark web forum monitored by SOCRadar. According to the dark web post, while it is unclear how the database was obtained, the surfaced details contain full names, emails, addresses, and phone numbers of more than 270 million Indonesian citizens. Also, there are 20 million personal photos available.

Unauthorized Access Sale Detected For UAE Company On The Dark Web

On September 20, 2021, SOCRadar detected a post on the RansomExx (Defray777) ransomware group website allegedly announcing a ransomware attack that targeted a manufacturing firm from Saudi Arabia. Established in 1990, the victim corporation controls the supply of corrugated packaging in the MENA region. The group behind the attack, known as RansomExx, is also responsible for last month’s ransomware attack on GIGABYTE, a computer hardware giant. The gang threatened to leak banking data, licenses, certificates, agreements, contracts, and similar sensitive information belonging to the victim organization if it did not cooperate.

RDP Access Sale Detected For An Automotive Company from Qatar

On September 24, 2021, on a dark web forum monitored by SOCRadar, a vendor attempted to sell unauthorized access allegedly to a smart city firm from the UAE. The dark web vendor claimed that the victim firm has over $50 million in revenue. The vendor also stated that the buyer would have admin-level access to around 250 computers.

The New Ransomware Victim of LockBit 2.0

On October 3, SOCRadar detected a post allegedly announcing a ransomware attack that targeted a brokerage organization from Sweden on the LockBit 2.0 ransomware group website. Established in Stockholm, the victim corporation is engaged in brokerage and finance with over $6 million in revenue. 

The group behind the attack, known as LockBit 2.0, is also responsible for the ransomware attack on Accenture, and the victim firm tied up in $50 million. The gang threatened to leak banking data, licenses, certificates, agreements, contracts, and similar sensitive information belonging to the victim organization if it did not cooperate.

User Database of Linkedin Allegedly Put For Sale On The Dark Web

On September 28, 2021, a vendor offered to sell a user database allegedly belonging to a telecommunication company from Saudi Arabia on a dark web forum monitored by SOCRadar. While the dark web vendor did not give any detail about how the database was seized, the surfaced details contained various personally identifiable information (PII) of over 180 thousand users. The vendor also stated that the database is up to date.


Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming as well as challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts of threat actors and groups, filtered by targeted country or industry.