The DonutLeaks Ransomware Gang's Attack on Sidock

The DonutLeaks ransomware gang has attacked Sidock. Sidock is a full-service multi discipline firm that focuses on engineering and civil planning. It is headquartered in Michigan, USA. DonutLeaks posted Sidock to its data leak site on October 21st, claiming to have stolen credit card details, bills, and SSNs.

Identification of the DonutLeaks Extortion Group

Researchers first identified the DonutLeaks extortion group when an employee of one of the victims revealed that the corporate network had been breached by threat actors seeking to steal data. After successfully pilfering the data, the threat actors proceeded to email the victims' business partners and employees with URLs to their Tor extortion sites.

The Composition of the Tor Extortion Sites

These Tor sites consist of two components: a shaming blog and a data storage site. Visitors to these sites can freely browse and download all the stolen and leaked data. The stolen data storage server operates using the File Browser application, enabling visitors to navigate through the stolen data categorized by victim.

Uncertainty Around Ransomware Deployment

It remains unclear whether the threat actors deploy ransomware during their network breaches or if they solely operate as a data extortion group. However, Sheppard Robson, a victim, did disclose that their recent attack involved ransomware. Researchers also believe that DonutLeaks could be an offshoot of the RagnarLocker and Hive ransomware gangs.