T-9. Brenntag

Ransom Paid: $4.4 Million

Chemical distributor Brenntag in May paid a $4.4 million ransom in Bitcoin to the Darkside ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data. Brenntag suffered a ransomware attack that targeted their North America division, with the hackers encrypting devices on the network and stealing unencrypted files, BleepingComputer reported.

The Darkside ransomware group claimed to have stolen 150GB of Brenntag data during their attack. To prove their claims, the ransomware gang created a private data leak page containing a description of the types of data that were stolen and screenshots of some of the files. DarkSide initially demanded a $7.5 million ransom, but after negotiations cut the ransom to $4.4 million, BleepingComputer reported.

The DarkSide affiliate claims to have gotten access to Brenntag’s network after purchasing stolen credentials, BleepingComputer reported. However, the DarkSide affiliate does not know how the stolen credentials were originally obtained. Ransomware gangs and other threat actors commonly use dark web marketplace to purchase stolen credentials, especially those for remote desktop credentials.