Malicious actors responsible for the creation of a new type of ransomware have claimed responsibility for the latest cyberattack on a Toronto-based company, threatening to leak sensitive company data unless a ransom is paid.
The ransomware group known as DarkSide posted on its website that not only has it disabled the victim company’s systems through encryption, but also managed to steal some 200 GB of information, such as employee files, finance, and payroll records, as well as business plans.
“If you need proof we are ready to provide you with it,” the DarkSide group said on its website. “The data is preloaded and will be automatically published if you do not pay. After publication your data will be available [to others] for at least six months on our tor cdn servers.”
IT World Canada reported that until the data breach is confirmed, it would not disclose the identity of the publicly-traded, billion-dollar company being targeted.
DarkSide is a relatively new ransomware group, making its debut sometime in mid-August.
“We are a new product on the market, but that does not mean that we have no experience and we came from nowhere. We received millions of dollars in profit by partnering with other well-known cryptolockers. We created DarkSide because we didn’t find the perfect product for us. Now we have it,” the hacker group said.
The group also claimed on its website that they have principles, and thus will not attack organizations involved with medicine, education, non-profits, or the government.
“We only attack targets that can pay the requested amount, we do not want to kill your business.”
DarkSide additionally explained that it analyzes their victim’s accountancy first before launching a ransomware attack, to determine how much the victim can pay based on their net income.