Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
Number of Victims Listed |
New Since January 1st, 2021 |
Victim Profiles |
59 |
37 |
Victims located in the U.S., South America, Middle East, and U.K. Victims include manufacturers of all types of products, including energy companies, clothing companies, travel companies. |
DarkSide is a relatively new ransomware group. eSentire’s security research team, the Threat Response Unit (TRU), began tracking them in December 2020, and the group is thought to have emerged in November 2020. The operators claim on their blog/leak site to have infected 59 organizations in total, compromising 37 of them in 2021. News broke on May 8, 2021, that the DarkSide group might be behind the ransomware attack which forced the shutdown of Colonial Pipeline the day before. The Colonial Pipeline is one of the largest pipelines in the U.S. and delivers about 45 percent of the fuel used along the Eastern Seaboard. As of May 12, the shutdown has caused gas shortages in many markets, and depending on how long the shutdown lasts, the incident could impact millions of consumers.
DarkSide states that they provide their ransomware via a Ransomware-as-a-Service model. eSentire’s TRU wonders if one of DarkSide’s affiliates (partners) was responsible for the attack against Colonial Pipeline, and that the threat actors behind DarkSide were unaware of the sensitive target until news broke across the globe of Colonial’s shutdown.
Interestingly, DarkSide published the following on their website on Monday, May 10, suggesting that this may be the case: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.“
See image below from the DarkSide website:
The DarkSide threat actors also state on their blog that they are able to capture more of a foothold into their victims’ IT environments, boasting that they seize victims’ SQL databases, network passwords, network maps, any clear passwords, domain names, etc
DarkSide Continues to Claim New Victims after Colonial Pipeline Incident
Like many of the other ransomware gangs, the DarkSide operators list their victims. Regardless of the tremendous attention currently being paid to the DarkSide gang by law enforcement and security researchers, they appear to be carrying on as if it is “business as usual.” On Tuesday, May 11 and Wednesday, May 12 they posted two new victim organizations. One of them is an IT Services company out of the U.S. They claim to have stolen all kinds of data from the firm including their financial statements, employee passports, Active Directory passwords etc . The other purported victim is a U.K.-based civil engineering company and a developer of wind farms. In reviewing their list of victims, it appears that they are primarily located in the U.S., South America, Middle East, and U.K. DarkSide victims include manufacturers of all types of products, energy companies, retailers of clothing and office products, and travel companies.
One of the other organizations DarkSide claims to have compromised is a Georgia-based company called The Dixie Group (NASDAQ: DXYN.O). The threat actors posted The Dixie Group on their list of victims on April 18, 2021. The Dixie Group manufactures carpets and custom rugs, and proprietary yarns used in manufacturing soft floorcoverings. eSentire cannot confirm DarkSide’s claim that they attacked The Dixie Group. However, on April 19, The Dixie Group Inc., announced that they suffered a ransomware attack on their IT systems on April 17, 2021. News outlets also reported in March 2021 that the DarkSide operators attacked CompuCom Systems, gaining access to administrative credentials, and then deploying their ransomware.
Another purported victim of the DarkSide group is a well-known, U.S.-based clothing manufacturer. Not only does DarkSide provide financial records that they claim are from the company, but they also provide video footage from what they claim is one of the clothing company’s shipping and receiving centers. The other victims they claim to have compromised include one of the largest electric power facilities in South America, which generates, transmits, distributes, and trades electric energy.
They name other victims as well, including a large company based in the Middle East that designs, manufactures, and markets a broad range of products for healthcare facilities; U.S. law firms; a large U.S.-based dental practice; a feed and fertilizer company; travel companies; and a sportswear company.
An ironic aspect of the DarkSide group is that they have registration sections on their blog for “press members” and for “ransomware recovery firms.” If you are a member of the press, they state they will give you an exclusive, letting you know about a company that has been breached before they publish it to their blog site. If you are with a ransomware recovery firm, they state they will offer discounts on the ransom being demanded of the victim organization.
The DarkSide operators also like to give the impression that they are like Robin Hood. They state that they ONLY go after profitable companies — those organizations that can afford to pay a ransom. They state that they will not attack hospitals, palliative care facilities, nursing homes, funeral homes, and companies involved in developing and distributing the COVID-19 vaccine. (See image below.)
Best of all, they state that they have donated several thousand dollars to two charities, one helping provide education to disadvantaged children and one that helps provide clean water to communities in Africa. The threat actors specifically ask that the names of the charities to which they have donated not be publicized so as not to cause them problems.
Finally, they offer to provide victim names in advance so investors can earn money from the company’s stock price reduction, once news of the attack is known. (See image below.)
The DarkSide group is just one of many ransomware gangs plaguing organizations today. These threat groups are indiscriminate in their attacks, they have compromised every type of company and entity one can think of--- from hospitals to school districts to car and medical device manufacturers to local and state government agencies. For those organizations who do not have the right security protections in place, ransomware attacks can do untold damage to their victims, as we are seeing with Colonial Pipeline, and as we saw with the ransomware attacks levied against the City of Baltimore and the City of Atlanta. Both cities suffered approximately $18 million in damages.
Is your company prepared to defend against a ransomware attack or other type of cyberattack? If you aren’t currently engaged with a Managed Detection and Response (MDR) provider, we highly recommend you partner with us for security services in order to disrupt threats before they impact your business.
Want to learn more? Connect with an eSentire Security Specialist.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.