May 14, 2021

Brenntag, a leading chemical distribution company based in Germany, paid $4.4 million to the DarkSide Ransomware gang after an attack in its North America division that enabled the attackers to encrypt devices on the network and steal unencrypted files.

The company is said to have paid the ransom in Bitcoin to get a decryptor for encrypted files and prevent hackers from publicly disseminating stolen data.

The ransomware group DarkSide claimed to have stolen 150 GB of data in their attack.

It initially demanded a ransom of 133.65 Bitcoin worth 7.5 million dollars. After negotiations, the ransom was reduced to 4.4 million dollars and settled by Brenntag on May 11.

DarkSide is a Ransomware-as-a-Service (RaaS) operation, in which Ransomware developers cooperate with third-party vendors, who then carry out the data breach.

Under this arrangement, the DarkSide core team earns 20-30% of the ransom payment, while the rest goes to the hackers who carried out the attack.

The DarkSide Affiliate claims to have gained access to the Brenntag network after purchasing stolen credentials.

This attack shows how important multifactor authentication is for all logins on a network and that all Remote Desktop Servers are behind a VPN.

Enforcement of this practice would have prevented hackers from gaining access to a private network and stealing data.

For more information, read the original story in BleepingComputer.