Cybercriminals often try innovative methods in their attacking techniques to increase their success rate and evade security detection (obfuscation). From new malware variants to different hacking methods, threat actors constantly change their approaches to encrypt victims’ data and pressurize them into paying the ransom. To prove their power, the operators behind the Darkside ransomware group announced that they are leveraging new extortion tactics by targeting companies that are listed stock markets like NASDAQ.
In a notification posted on a dark web portal, the Darkside operators stated they are coaxing certain crooked stockbrokers to use insider information of their corporate targets so that they can short-sell a victim company’s stock before they disclose the breach or leak any data. The operators believe that the impact of posting a traded company’s name on its website will cause the victim company’s stock price to fall and help insider traders make profits.
Besides, the announcement also represents a new method to indirectly threaten and pressurize the targeted companies into paying the ransom.
“Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn at the reduced price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information,” Darkside operators said.
Twice the Benefits
Several industry experts opined that Darkside actors could benefit in two ways with this new extortion technique. The ransomware group could demand a huge amount from any trader in exchange for insider information. If traders are not approached, threat actors can still monetize the situation by threatening the victim company by leaking sensitive corporate data online — a common scenario where most organizations avoid paying ransom demands.
“While other ransomware families previously discussed how to leverage the effect of a publicly disclosed cyberattack on the stock market, they have never made it their official attack vector. DarkSide becomes the first ransomware variant to make it formal,” said Dmitry Smilyanets, threat intel analyst at Recorded Future.
Impact of Cyberattacks on Company’s Stock
Cyberattacks impact an organization in many ways, including loss of trust from customers, clients, damage of brand image, and of course a shrink in market value. However, the impact on stock values will not cause long-term damage to the company’s market value. Certain security experts opine that these kinds of extortion techniques have little chance to work out.
Shorting ransomware victim stock is something that @thegumshoo and I have been speculating about for a while. BUT, most companies don’t take a noticeable hit in their stock price after a ransomware attack – at least not long term. https://t.co/CIBGN13Sl6
— Allan “Ransomware Sommelier🍷” Liska (@uuallan) April 22, 2021
The Other Side of Darkside
This is not the first time that Darkside ransomware operators have come up with a new approach. Earlier, the group revealed their flipside by donating $20K from their ransom amount to two nonprofits charities: Children International and the Water Project. The threat actors claimed that they are planning to make more donations like this in the future. Read More Here…