A new data extortion gang, "Donut Leaks," may have been involved in the recent ransomware attacks against Greek natural gas firm DESFA, multinational construction company Sando, and U.K. architecture firm Sheppard Robson, according to BleepingComputer. The indication is that its leak site carries significantly more extensive data than the sites of Ragnar Locker and Hive ransomware, which attacked DESFA and Sando, respectively.
An employee of one of the impacted firms told BleepingComputer that Donut Leaks infiltrated the organization's corporate network to facilitate data theft, and then emailed the URLs of its Tor extortion sites to the firm's business partners and employees.
The Tor sites include a shaming blog that has listed five victim organizations and a storage server that notes 10 victims. Nearly 2.8TB of data from the 10 victims has been exposed by Donut Leaks, according to File Browser stats. However, it remains unclear whether Donut Leaks is solely involved in data extortion or also engages in ransomware deployment.