Updated August 24: The #DarkSide’s victim is Brookfield Residential. Brookfield Residential describes themselves as a North American land developer and new home builder, and the “flagship North American residential property company of Brookfield Asset Management.” On their leak site, the threat actors had linked to Brookfield.com, which is Brookfield Asset Management, but the documents dumped appeared to be from Brookfield Residential, and a source close to the situation confirmed to DataBreaches.net that it was Brookfield Residential that had been attacked, and not Brookfield Asset Management.
Original post follows…..
Howard Solomon reports:
A new ransomware group says a Toronto-based billion-dollar company is allegedly one of its first victims of a new ransomware group calling itself DarkSide. The new group is demanding payment or threatening to release the copied corporate files publically.
IT World Canada isn’t identifying the publicly-traded company until the data breach is confirmed, but according to a posting today on the group’s dark web site some 200 GB of information including employee files, finance and payroll records and business plans were copied before encryption.
Read more on IT World Canada. According to the DarkSide’s leak site, they automatically started dumping/publishing data on August 16. BleepingComputer has more information on these threat actors and ransomware. From their reporting, the similarities between DarkSide and Sodinokibi (REvil) seem even more apparent.
As of this morning, there is still no statement on the web site of the firm identified by the threat actors, even though the threat actors have now published some of the firm’s data. The firm is a lucrative firm as a target for threat actors. Their investors’ page says they are a global company and have approximately $550 billion in assets under management. (text deleted Aug 24 as the description pertained to Brookfield.com, which was not the victim).
DataBreaches.net reached out to them for a statement in response to the alleged breach, but did not get an immediate response. This post will be updated when a response is received (see update at top of this story).
The DarkSide incident is the second Canadian company hit this week. In other ransomware news out of Canada, customers are reportedly complaining after a ransomware attack on delivery company Canpar Express.