DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

A former DarkSide listing shows up on REvil’s leak site

Posted on May 26, 2021 by Dissent

On May 15, Chum1ng0 reported that German furniture retailer Möbelstadt Sommerlad had been hit by DarkSide threat actors. By then DarkSide’s leak site was down and it had not been possible to confirm whether DarkSide had ever listed the retailer as a victim or dumped any proof of claim, but given the time frame of the attack and the takedown of DarkSide’s site, it seemed unlikely that they had ever been listed. It was the owner of the furniture store who named DarkSide as the threat actors, and who stated that the firm would not be paying any ransom.

As of today, the notice saying that the store is still not functioning remains on their web site (the English version):

Sommerlad Notice - English
IMAGE: DATABREACHES.NET

But also of note, today Chum1ng0 noticed that REvil (Sodinokibi) threat actors listed this attack as their work, and claim to have more than 175 GB of data:

We downloaded a lot of interesting information from your network. All data are fresh and will be stored on our CDN servers for the next 6 month if you do not pay.

If you need data leak proofs, we are ready to provide them.

IMAGE: DATABREACHES.NET

Consistent with their usual practice, they provided some screencaps of file trees.

The fact that they listed the firm on their leak site suggests that Möbelstadt Sommerlad’s owner has not changed their mind and is continuing to refuse to pay any ransom, but without email and with their Facebook page not available, it’s difficult to confirm this with them.

Möbelstadt Sommerlad;s Facebook page on May 26, 2021. IMAGE: DATABREACHES.NET

What the listing by REvil does confirm, however, is some frequent speculation that DarkSide and REvil had a collaborative or cooperative relationship somehow. Did one of DarkSide’s affiliates now take their data to REvil to help them with the extortion attempt? Perhaps.


In collaboration with Chum1ng0. Post-publication, I learned that this was first reported on Twitter by @z0man, so credit to him.

No related posts.

Category: Business SectorMalwareNon-U.S.

Post navigation

← Russia’s FSB reports ‘unprecedented’ hacking campaign aimed at government agencies
WA: Clover Park School District investigating ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.