Donut Leaks attacks Peroni Pompe

Incident Date: Jul 09, 2023

Attack Overview
VICTIM
Peroni Pompe
INDUSTRY
Manufacturing
LOCATION
Italy
ATTACKER
Donut
FIRST REPORTED
July 9, 2023

The Donut Leaks Ransomware Gang's Attack on Peroni Pompe

The Donut Leaks ransomware gang has attacked Peroni Pompe. Peroni Pompe is an oil and gas pump manufacturer headquartered in Corsico, Italy. Donut Leaks posted Peroni Pompe to its data leak site on July 4th, threatening to publish all stolen data in 30 days.

Researchers first identified the Donut Leaks extortion group when an employee of one of the victims revealed that the corporate network had been breached by threat actors seeking to steal data. After successfully pilfering the data, the threat actors proceeded to email the victims' business partners and employees with URLs to their Tor extortion sites.

Tor Extortion Sites

These Tor sites consist of two components: a shaming blog and a data storage site. Visitors to these sites can freely browse and download all the stolen and leaked data. The stolen data storage server operates using the File Browser application, enabling visitors to navigate through the stolen data categorized by victim.

Unclear Tactics

It remains unclear whether the threat actors deploy ransomware during their network breaches or if they solely operate as a data extortion group. However, Sheppard Robson, a victim, did disclose that their recent attack involved ransomware. Researchers also believe that Donut Leaks could be an offshoot of the Ragnar Locker and Hive ransomware gangs.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.