Leading Canadian Rental Car Company Hit By DarkSide Ransomware

Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.

Discount Car and Truck Rentals is a leading Canadian car and truck rental company with 300 locations throughout Canada. Enterprise Holdings’ Canadian subsidiary acquired the company in 2020.

This month, the car rental company suffered a cyberattack by the DarkSide ransomware gang that has disrupted the company’s online rental services at discountcar.com.

“Discount Car and Truck Rentals was subject to a ransomware attack that impacted the Discount headquarters office. A fully-dedicated team isolated and contained the attack quickly. The team is working to investigate and restore service as quickly and safely as possible,” Discount Car and Truck Rentals confirmed in a statement to BleepingComputer.

While the company restores services, visitors who try to book or manage a rental online are greeted with a message stating that the website is down due to technical issues and to call the listed number for assistance.

DarkSide recently listed the company on their ransomware data leak site where they claim to have stolen 120 GB of unencrypted data, including finance, marketing, banking, account, and franchisee data.

Also Read: Limiting Location Data Exposure: 8 Best Practices

As proof of this data theft, DarkSide posted numerous pictures of alleged Discount Car and Truck Rentals folder listings. 

While this stolen data’s legitimacy is not confirmed, DarkSide is known to exfiltrate unencrypted files before they deploy the ransomware to encrypt devices.

If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

DarkSide has had its share of drama

Since launching their operation in August 2020, DarkSide has had quite a bit of drama.

In October 2020, the ransomware gang decided to donate $20,000 of extortion money to the Children International and The Water Project charities.

“As we said in the first press release – we are targeting only large profitable corporations. We think it’s fair that some of the money they’ve paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone’s life.” – Darkside ransomware operators.

Children International told BleepingComputer that if the donation was linked to a hacker, they had no intention of keeping it.

In November, DarkSide claimed to be building a data leak storage site hosted in Iran to prevent law enforcement from taking it down.

These plans backfired on the ransomware operation as it caused ransomware negotiation firm, Coveware, to place DarkSide operation on an internal restricted list due to concerns about US sanctions.

Finally, last month, Bitdefender released a DarkSide decryptor that allowed victims to recover their files for free.

According to the DarkSide gang, this was caused by the same private key used by 40% of their victims.

The ransomware operation quickly fixed the issue after the decryptor was released but had already suffered a big reputation hit among the hacker community.

Also Read: 10 Practical Benefits of Managed IT Services

Other victims known to be attacked by DarkSide ransomware include Brookfield Residential and the Brazilian Eletrobras and Copel energy companies.