SpearTip | February 15th, 2021

According to BleepingComputer, Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack in which the hackers claim to have stolen 120GB of data. Discount Car and Truck Rentals is a leading Canadian car and truck rental company with 300 locations throughout Canada. Enterprise Holdings’ Canadian subsidiary acquired the company in 2020. This month, the car rental company suffered a cyberattack by the DarkSide ransomware gang that has disrupted the company’s online rental services at discountcar.com.

“Discount Car and Truck Rentals was subject to a ransomware attack that impacted the Discount headquarters office. A fully-dedicated team isolated and contained the attack quickly. The team is working to investigate and restore service as quickly and safely as possible,” Discount Car and Truck Rentals confirmed in a statement to BleepingComputer. While the company restores services, visitors who try to book or manage a rental online are greeted with a message stating that the website is down due to technical issues and directing them to call the listed number for assistance. DarkSide recently listed the company on their ransomware data leak site, where they claim to have stolen 120 GB of unencrypted data, including finance, marketing, banking, account, and franchisee data. As proof of this data theft, DarkSide posted numerous pictures of alleged Discount Car and Truck Rentals folder listings.

In August of last year, SpearTip covered DarkSide and their similarities to the REvil ransomware group. DarkSide operators try to elevate privileges to gain administrative rights across a network. To avoid former Soviet countries, DarkSide performs a locale check to ensure it attacks only English-speaking countries. The threat actors then create a log file called ‘LOG.{userid}.TXT’, which is used for the ransomware execution process. SpearTip’s ShadowSpear® Platform defends against attacks from groups like DarkSide by blocking the log file from executing.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.