We have always preached about the creativity of threat actors and the different methods they use to squeeze money out of victims. The DarkSide ransomware group is now openly reaching out to traders to let them know which publicly traded companies it has breached.
A message published on DarkSide’s dark web site on April 20 read: “Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information.”
This scenario will have some moving parts, but here is the impact on each party involved. DarkSide can generate some revenue by selling the information or unveiling which company they’ve successfully breached. The stock traders could then purchase the information and use it to their advantage to earn profits. However, there is an adverse effect on companies hit by DarkSide in the future. When DarkSide inevitably hits their next victim, that victim will likely see the prior efforts and methods DarkSide has used. This may add pressure on the victim to pay the requested ransom to make sure their stock doesn’t tank and lose even more money for the organization.
There may be a few holes in DarkSide’s plan, as fluctuations in the stock market correct themselves. Once the news of a company breach breaks, there may be an initial slide, but within a few days the correction comes after the rest of the market catches wind. This could throw a wrench in DarkSide’s plan as companies realize they won’t be knocked down for long in the stock market and won’t feel as pressured to pay. The company will still have to deal with the ramifications of the attack itself, which include downtime and business disruption, but the added pressure may not be as persuasive as DarkSide hopes.
Another outcome could be that investors and traders decide not to accept or buy the information from DarkSide. There has to be an immense amount of trust between the two parties for a transaction to go through, and many investors may be reluctant to trust threat actors, as the reward doesn’t necessarily outweigh the risk.
From a business security standpoint, keeping threat actors out of your environment will help mitigate all of the problems above. Use a security operations center that functions 24/7/365. Cyber threats don’t stop; they’re sophisticated, and they will get creative in order to make financial gains.
Your brand reputation matters. Will customers continue to trust you after a breach? Will partners and clients feel comfortable doing business and exchanging information with your organization? These questions must be asked to propel your company to the next level because breaches are a matter of when, not if.
Our team will continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This gives your organization direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.