Trend Micro researchers found that cybercriminals impersonating the DarkSide ransomware gang, which perpetrated the Colonial Pipeline hack, have been sending threatening emails to numerous organizations in the energy and food industries, reports Threatpost.
The emails warn the targeted organizations that the threat actors will disclose their successful hacks of the organizations' enterprise networks and their exfiltration of sensitive data unless the organizations pay 100 Bitcoin, or nearly $3.8 million. Despite the similarities between the emails and the double extortion technique employed by DarkSide, Trend Micro said that the new attacks have been perpetrated by a doppelganger of the group, as indicated by the emails' lack of proof of stolen data and mistakes in attribution.
"The content used on the emails has led us to believe that they did not come from the said threat group, but from an opportunistic low-level attacker trying to profit off the current situation around DarkSide ransomware activities," said researchers.