Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
Number of Victims Listed |
New Since January 1st, 2021 |
Victim Profiles |
59 |
37 |
Victims located in the U.S., South America, Middle East, and U.K. Victims include manufacturers of all types of products, including energy companies, clothing companies, travel companies. |
DarkSide is a relatively new ransomware group. eSentire’s security research team, the Threat Response Unit (TRU), began tracking them in December 2020, and the group is thought to have emerged in November 2020. The operators claim on their blog/leak site to have infected 59 organizations in total, compromising 37 of them in 2021. News broke on May 8, 2021, that the DarkSide group might be behind the ransomware attack which forced the shutdown of Colonial Pipeline the day before. The Colonial Pipeline is one of the largest pipelines in the U.S. and delivers about 45 percent of the fuel used along the Eastern Seaboard. As of May 12, the shutdown has caused gas shortages in many markets, and depending on how long the shutdown lasts, the incident could impact millions of consumers.
DarkSide states that they provide their ransomware via a Ransomware-as-a-Service model. eSentire’s TRU wonders if one of DarkSide’s affiliates (partners) was responsible for the attack against Colonial Pipeline, and that the threat actors behind DarkSide were unaware of the sensitive target until news broke across the globe of Colonial’s shutdown.
Interestingly, DarkSide published the following on their website on Monday, May 10, suggesting that this may be the case: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.“
See image below from the DarkSide website:
The DarkSide threat actors also state on their blog that they are able to capture more of a foothold into their victims’ IT environments, boasting that they seize victims’ SQL databases, network passwords, network maps, any clear passwords, domain names, etc
DarkSide Continues to Claim New Victims after Colonial Pipeline Incident
Like many of the other ransomware gangs, the DarkSide operators list their victims. Regardless of the tremendous attention currently being paid to the DarkSide gang by law enforcement and security researchers, they appear to be carrying on as if it is “business as usual.” On Tuesday, May 11 and Wednesday, May 12 they posted two new victim organizations. One of them is an IT Services company out of the U.S. They claim to have stolen all kinds of data from the firm including their financial statements, employee passports, Active Directory passwords etc . The other purported victim is a U.K.-based civil engineering company and a developer of wind farms. In reviewing their list of victims, it appears that they are primarily located in the U.S., South America, Middle East, and U.K. DarkSide victims include manufacturers of all types of products, energy companies, retailers of clothing and office products, and travel companies.
One of the other organizations DarkSide claims to have compromised is a Georgia-based company called The Dixie Group (NASDAQ: DXYN.O). The threat actors posted The Dixie Group on their list of victims on April 18, 2021. The Dixie Group manufactures carpets and custom rugs, and proprietary yarns used in manufacturing soft floorcoverings. eSentire cannot confirm DarkSide’s claim that they attacked The Dixie Group. However, on April 19, The Dixie Group Inc., announced that they suffered a ransomware attack on their IT systems on April 17, 2021. News outlets also reported in March 2021 that the DarkSide operators attacked CompuCom Systems, gaining access to administrative credentials, and then deploying their ransomware.
Another purported victim of the DarkSide group is a well-known, U.S.-based clothing manufacturer. Not only does DarkSide provide financial records that they claim are from the company, but they also provide video footage from what they claim is one of the clothing company’s shipping and receiving centers. The other victims they claim to have compromised include one of the largest electric power facilities in South America, which generates, transmits, distributes, and trades electric energy.
They name other victims as well, including a large company based in the Middle East that designs, manufactures, and markets a broad range of products for healthcare facilities; U.S. law firms; a large U.S.-based dental practice; a feed and fertilizer company; travel companies; and a sportswear company.
An ironic aspect of the DarkSide group is that they have registration sections on their blog for “press members” and for “ransomware recovery firms.” If you are a member of the press, they state they will give you an exclusive, letting you know about a company that has been breached before they publish it to their blog site. If you are with a ransomware recovery firm, they state they will offer discounts on the ransom being demanded of the victim organization.
The DarkSide operators also like to give the impression that they are like Robin Hood. They state that they ONLY go after profitable companies — those organizations that can afford to pay a ransom. They state that they will not attack hospitals, palliative care facilities, nursing homes, funeral homes, and companies involved in developing and distributing the COVID-19 vaccine. (See image below.)
Best of all, they state that they have donated several thousand dollars to two charities, one helping provide education to disadvantaged children and one that helps provide clean water to communities in Africa. The threat actors specifically ask that the names of the charities to which they have donated not be publicized so as not to cause them problems.
Finally, they offer to provide victim names in advance so investors can earn money from the company’s stock price reduction, once news of the attack is known. (See image below.)
The DarkSide group is just one of many ransomware gangs plaguing organizations today. These threat groups are indiscriminate in their attacks, they have compromised every type of company and entity one can think of--- from hospitals to school districts to car and medical device manufacturers to local and state government agencies. For those organizations who do not have the right security protections in place, ransomware attacks can do untold damage to their victims, as we are seeing with Colonial Pipeline, and as we saw with the ransomware attacks levied against the City of Baltimore and the City of Atlanta. Both cities suffered approximately $18 million in damages.
Is your company prepared to defend against a ransomware attack or other type of cyberattack? If you aren’t currently engaged with a Managed Detection and Response (MDR) provider, we highly recommend you partner with us for security services in order to disrupt threats before they impact your business.
Want to learn more? Connect with an eSentire Security Specialist.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.