The Week in Dark Web – 8 November 2021 – Ransomware Attacks and Data Leaks
Powered by DarkMirror™
This week’s edition covers the latest dark web news from the past week. Once again, a rise in ransomware attacks, some database thefts, and stolen customer data took their place in the headlines this week.
Unauthorized Citrix Access Sale Detected For A Brazilian Company On The Dark Web
On November 2, on a dark web forum monitored by SOCRadar, a vendor attempted to sell unauthorized Citrix access allegedly belonging to an electricity firm from Brazil. While the dark web vendor did not name the victim firm, the post stated that the buyer would receive Citrix access to the firm along with databases containing personally identifiable information (PII) belonging to the company's customers. According to the dark web post, the victim firm has a revenue of $6 billion and 16 thousand employees.
The New Ransomware Victim of Conti
On November 4, SOCRadar detected a post on the Conti group’s website allegedly announcing a ransomware attack that targeted a firm from China. Established in Shanghai, the victim corporation is engaged in digital and ecological technologies. The group behind the attack, known as Conti, was also behind incidents involving JVC. The ransomware gang threatened to leak banking data, certificates, agreements, contracts, and similar sensitive information belonging to the victim organization if it did not cooperate.
Customer Database of A Furniture Shop From Indonesia Leaked On The Dark Web
On November 1, a vendor claimed to have databases allegedly belonging to a furniture shop from China on a dark web forum monitored by SOCRadar. The Indonesia-based victim organization is engaged in baby products. According to the dark web post, the breached databases contain personally identifiable information (PII) of thousands of customers.
The New Ransomware Victim Hit By The LockBit 2.0 Ransomware Gang
On November 2, SOCRadar found a post on the LockBit 2.0 group’s website allegedly announcing a ransomware attack targeting a technology firm from France. The victim organization is engaged in computer systems design and has a revenue of $4.6 million.
A Database Containing Information Belonging to Malaysian Doctors Leaked On The Dark Web
On November 4, a vendor attempted to sell a database allegedly containing personally identifiable information (PII) belonging to Malaysian doctors on a dark web forum monitored by SOCRadar. According to the sample, the surfaced details include full names, emails, phone numbers, and organization names. While it is not clear how the database was obtained, the dark web vendor stated that the database contains information on 1700 doctors.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming as well as challenging, and one mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.