A car and truck rental service company has been targeted by a ransomware attack – one developed by a hacker group known to offer the malware to other cybercriminals in a twisted ransomware-as-a-service program.
Discount Car and Truck Rentals, the Canadian division of US-based Enterprise Holdings, is suspected to have been affected by ransomware after the hackers responsible for the attack claimed to have copied sensitive data from the company.
The DarkSide ransomware group recently posted a notice on its site, which said that it had copied 120GB of corporate, banking, and franchise data from Discount.
“We downloaded a lot of interesting data from your network. If you need proofs we are ready to provide you with it. The data is preloaded and will automatically be published if you do not pay,” a statement on the DarkSide website said.
The hackers also posted a screenshot of alleged folders from Discount’s file structure as proof that they had carried out the attack.
IT World Canada reached out to Discount for a statement on the matter, and the car rental service confirmed that it was indeed targeted by malware.
“Discount Car and Truck Rentals was subject to a ransomware attack that impacted the Discount headquarters office,” the company said in an email statement. “A fully-dedicated team isolated and contained the attack quickly. The team is working to investigate and restore service as quickly and safely as possible.”
When asked if any customer or employee personal information was copied by the attackers, and how the attack began, a spokesperson for Discount said that an investigation is still underway.
IT World Canada reported that as of Sunday, Discount’s website remained offline due to “technical issues.”
A fairly new ransomware group, DarkSide launched in August last year. Operating as a “hacktivist” group, DarkSide claimed on its website that it has principles, and would never attack organizations involved with medicine, education, non-profits, or the government.
“We only attack targets that can pay the requested amount, we do not want to kill your business.”
Months after its launch, DarkSide later announced an affiliate program, which allowed other cybercriminals to use DarkSide’s ransomware code for their own attacks in exchange for a cut of the ransom payments.