Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Chemical Distributor Shares Info on DarkSide Ransomware Data Theft

US Chemical Distributor Shares Info on DarkSide Ransomware Data Theft

World-leading chemical distribution company Brenntag has shared additional info on what data was stolen from its network by DarkSide ransomware operators during an attack from late April 2021 that targeted its North America division.

Brenntag is the second largest in sales for North America, according to the ICIS report on the Top 100 Chemical Distributors worldwide.

The chemical distribution company is headquartered in Germany and has more than 17,000 employees worldwide at over 670 sites.

Stolen info includes SSNs, medical info, more

Brenntag confirmed the ransomware attack in an email statement sent to BleepingComputer on May 13, saying that it disconnected all impacted systems from the network after the incident was discovered to contain the threat.

However, as revealed in data breach notification letters sent to affected individuals during late June, the chemical distribution firm became aware of the attack on April 28, two days after the DarkSide operators breached its network.

“Our investigation confirmed that Brenntag systems were accessed without authorization starting on April 26, 2021, and/or that some information was taken from our system,” the company said.

The data exfiltrated by the DarkSide attackers includes “social  security  number,  date  of  birth,  driver’s license number, and select medical information.”

Luckily, as Brenntag further explained, third-party cybersecurity forensic experts hired to investigate the incident found no evidence that the stolen information was misused for fraudulent purposes.

The company also asked the impacted individuals (more than 6700 according to info provided to Maine’s Attorney General) to review their account statements and keep an eye on their free credit reports to detect any attempts of identity theft and fraud.

“If you find any transactions you do not recognize, contact the business or institution issuing the statement,” Brenntag added.

Also Read: The Difference Between GDPR and PDPA Under 10 Key Issues

$4.4 million ransom paid to DarkSide

As BleepingComputer reported in May, the chemical distributor company paid a $4.4 million ransom to DarkSide for a decryptor and to prevent the ransomware gang from leaking the stolen data.

The ransom was negotiated down from 133.65 bitcoins (roughly $7.5 million at the time), with Brenntag having sent the $4.4 million to the attackers on May 11, as BleepingComputer was able to confirm.

After the attack, the DarkSide ransomware group claimed to have exfiltrated150GB of data while they had access to Brenntag’s systems.

As proof of their claims, the threat actors also created a private data leak page with a description of the types of stolen data and screenshots of some of the files.

Private data leak page sent to Brenntag
Private data leak page sent to Brenntag

The DarkSide affiliate who breached Brenntag’s systems claimed to have gotten access to the network using stolen credentials bought from an unknown source.

This aligns with similar tactics employed by other ransomware gangs who regularly purchase stolen credentials (including Remote Desktop credentials) from dark web marketplace.

BleepingComputer reported in April that threat actors used UAS, one of the largest RDP marketplaces, to sell more than 1.3 million stolen credentials since the end of 2018.

The Darkside ransomware gang has been active since August 2020 with a focus on corporate networks and asking millions of dollars for decryptors and the promise not to release stolen data.

The ransomware group landed in the crosshairs of the US government and law enforcement after hitting Colonial Pipeline, the largest fuel pipeline in the US.

Following heightened scrutiny from law enforcement, DarkSide decided to suddenly shut down in May out of fear of being arrested.

Also Read: PDPA Compliance Singapore: 10 Areas to Work On

DarkSide hit other organizations in the past, including Discount Car and Truck RentalsBrookfield Residential, and Brazil’s Eletrobras and Copel energy companies.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us