US chemical distributor shares info on DarkSide ransomware data theft
World-leading chemical distribution company Brenntag has shared additional information on what data was stolen from its network by DarkSide ransomware operators during an attack in late April 2021 that targeted its North America division.
Brenntag ranks second in sales in North America, according to the ICIS report on the Top 100 Chemical Distributors worldwide.
The chemical distribution company is headquartered in Germany and has more than 17,000 employees worldwide at over 670 sites.
Stolen info includes SSNs, medical info, more
Brenntag confirmed the ransomware attack in an email statement sent to BleepingComputer on May 13, saying that it disconnected all affected systems from the network after the incident was discovered in order to contain the threat.
However, as revealed in data breach notification letters sent to affected individuals in late June, the chemical distribution company became aware of the attack on April 28, two days after the DarkSide operators breached its network.
“Our investigation confirmed that Brenntag systems were accessed without authorization starting on April 26, 2021, and/or that some information was taken from our system,” the firm stated.
The data exfiltrated by the DarkSide attackers includes “social security number, date of birth, driver’s license number, and select medical information.”
Fortunately, as Brenntag further explained, third-party cybersecurity forensic experts hired to investigate the incident found no evidence that the stolen information was misused for illegal purposes.
The company also asked the affected individuals (more than 6,700 according to information provided to Maine’s Attorney General) to review their account statements and keep an eye on their free credit reports to detect any attempts at identity theft and fraud.
“If you find any transactions you do not recognize, contact the business or institution issuing the statement,” Brenntag added.
$4.4 million ransom paid to DarkSide
As BleepingComputer reported in May, the chemical distribution company paid a $4.4 million ransom to DarkSide for a decryptor and to prevent the ransomware gang from leaking the stolen data.
The ransom was negotiated down from 133.65 bitcoins (approximately $7.5 million at the time), with Brenntag having sent the $4.4 million to the attackers on May 11, as BleepingComputer was able to confirm.
After the attack, the DarkSide ransomware group claimed to have exfiltrated 150GB of data while they had access to Brenntag’s systems.
As proof of their claims, the threat actors also created a private data leak page with a description of the types of stolen data and screenshots of some of the files.
The DarkSide affiliate that breached Brenntag’s systems claimed to have gained access to the network using stolen credentials bought from an unknown source.
This aligns with similar tactics used by other ransomware gangs that often buy stolen credentials (including Remote Desktop credentials) from dark web marketplaces.
BleepingComputer reported in April that threat actors used UAS, one of the largest RDP marketplaces, to sell more than 1.3 million stolen credentials since the end of 2018.
The DarkSide ransomware gang has been active since August 2020, focusing on corporate networks and asking millions of dollars for decryptors and the promise not to release stolen data.
The ransomware group landed in the crosshairs of the US government and law enforcement after attacking Colonial Pipeline, the largest fuel pipeline in the US.
Following increased scrutiny from law enforcement, DarkSide decided to abruptly shut down in May out of fear of being arrested.
DarkSide attacked other companies in the past, including Discount Car and Truck Rentals, Brookfield Residential, and Brazil’s Eletrobras and Copel energy companies.