Hacker group behind Colonial Pipeline attack claims it has three new victims

The hacker group DarkSide claimed on Wednesday to have attacked three more companies, despite the global outcry over its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic buying on the East Coast of the U.S.

Over the past 24 hours, the group posted the names of three new companies on its site on the dark web, called DarkSide Leaks. The information posted to the site includes summaries of what the hackers appear to have stolen but do not appear to contain raw data. DarkSide is a criminal gang, and its claims should be treated as potentially misleading.

The posting indicates that the hacker collective is not backing down in the face of an FBI investigation and denunciations of the attack from the Biden administration. It also signals that the group intends to carry out more ransom attacks on companies, even after it posted a cryptic message earlier this week indicating regret about the impact of the Colonial Pipeline hack and pledging to introduce “moderation” to “avoid social consequences in the future.”

One of the companies is based in the United States, one is in Brazil and the third is in Scotland. None of them appear to engage in critical infrastructure. Each company appears to be small enough that a crippling hack would otherwise fly under the radar if the hackers hadn’t received worldwide notoriety by crippling gasoline supplies in the United States.

The U.S.-based company is a technology services reseller based in Illinois. DarkSide claims to have stolen more than 600 gigabytes of sensitive information, including passwords, financial information, HR information and employee passports from it.

The Brazilian company is a reseller of renewable energy products, and DarkSide claims possession of more than 400 gigabytes of data from it including “personal data of clients” and “details of agreements.”

The Scottish company is in the construction industry, and DarkSide claims to have stolen 900 gigabytes including contracts, commercial and personal data going back three years.

CNBC has contacted each of the companies for comment on the apparent ransomware attacks.

Source: CNBC