Rewterz Threat Alert – DarkSide Ransomware Targets Energy and Food Sectors – Active IOC

Severity

Medium

Analysis Summary

We’ve recently observed the emergence of a new ransomware operation named DarkSide threat actor, once again thrusting the group’s name into the spotlight. Threat actors are taking advantages from social engineering campaigns. DarkSide Campaign is targeting food and energy industry by sending threatening emails. In this emails threat actor declare they have successfully exploit networks and gain unauthorized access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid. This campaign is started on June 4 and hitting a few targets every day. Here is a sample of the email text.

Energy and food industries are attractive targets threat actor is interested in energy (oil,gas,and/or petroleum) and food industries.

Impact

• Information Theft
• File encryption
• Unauthorized Access

Indicators of Compromise

Domain Name

• rumahsia[.]com
• baroquetees[.]com

IP

• 176[.]103[.]62[.]217

MD5

• f587adbd83ff3f4d2985453cd45c7ab1

SHA-256

• 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673

SHA-1

• 2715340f82426f840cf7e460f53a36fc3aad52aa

Remediation

• Increase awareness of how ransomware spreads, i.e., through spammed emails and attachments.
• Monitor and audit network traffic for any suspicious behaviors or anomalies..
• Do not download files from untrusted sources or emails
• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.