In May 2021, Chemical distribution company Brenntag suffered a ransomware attack that targeted their North American division. The attack was claimed by the DarkSide ransomware gang who states they have stolen 150GB worth of data. To prove their claims, DarkSide had published a private data leak page containing a description of the types of data stolen and screenshots of some of the files.
Brenntag published a statement that confirmed they had experienced a security incident: “Brenntag North America is currently working to resolve a limited information security incident.” They also informed the public they had “disconnected affected systems from the network to contain the threat. In addition, third-party cybersecurity and forensic experts were immediately engaged to help investigate. We also informed law enforcement of this incident.”
The initial access to the network was made with stolen credentials that the DarkSide affiliate claims to have purchased on the Dark Web.
The initial ransom was for 133.65 Bitcoins which was valued at approximately $7.5 million USD at the time of the attack. But the ransom demand was negotiated down to $4.4 million that was paid on the 11th of May 2021.
Updated on 25th of June 2021.
On the 25th of June 2021, Brenntag sent data breach notification letters to all the affected individuals which were more than more than 6700 individuals according to info provided to Maine’s Attorney General. The letters stated that Brenntag had become aware of the attack on April 28th, 2021, two days after the DarkSide had breached its network.
“Our investigation confirmed that Brenntag systems were accessed without authorization starting on April 26, 2021, and/or that some information was taken from our system,”
Brenntag stated that the data exfiltrated included “social security number, date of birth, driver’s license number, and select medical information.” Brenntag also explained that the third-party cybersecurity forensic experts that were hired to investigate the incident, found no evidence that the stolen information was misused for fraudulent purposes.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.