Severity
High
Analysis Summary
We’ve recently observed the emergence of a new ransomware operation named DarkSide threat actor, once again thrusting the group’s name into the spotlight. Threat actors are taking advantages from social engineering campaigns. DarkSide Campaign is targeting food and energy industry by sending threatening emails. In this emails threat actor declare they have successfully exploit networks and gain unauthorized access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid.
This campaign is started on June 4 and hitting a few targets every day. Here is a sample of the email text.
Energy and food industries are attractive targets threat actor is interested in energy (oil,gas,and/or petroleum) and food industries.
Impact
- Information Theft
- File encryption
- Unauthorized Access
Indicators of Compromise
- darkside@99email[.]xyz
- darkside@solpatu[.]space
IP
- 205[.]185[.]127[.]35
Remediation
- Increase awareness of how ransomware spreads, i.e., through spammed emails and attachments.
- Monitor and audit network traffic for any suspicious behaviors or anomalies..
- Do not download files from untrusted sources or emails
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.