Darkside ransomware operators have changed their extortion tactics and are now targeting organizations listed on NASDAQ or other stock markets. They believe that the negative impact of having a traded organization’s name listed on their website would cause its stock price to fall, and the attackers are trying to make a profit out of this.

What is happening?

In a recent message on their dark web portal, the operators stated that they are willing to inform crooked stock traders in advance.
  • The announcement serves as an indirect technique to scare hacked organizations that are not paying the ransom, as it could result in a negative impact on their market listings.
  • A security researcher claims that none of the previous ransomware attacks has caused any long-term damage to an organization’s market listing. Therefore, the chances of this technique’s success are narrow.
  • Furthermore, any large short bets are likely to be investigated by regulatory bodies, and not many traders are believed to be taking up Darkside’s offer for such small gains and regulatory risks.

Other extortion techniques

This technique is just the latest one in a long list of extortion schemes that ransomware gangs have been using.
  • A few weeks ago, the Clop ransomware gang was applying pressure on its victims by emailing their customers asking them for ransom payment for the protection of their privacy.
  • Last month, the REvil ransomware group was observed calling journalists or business partners to expose a victim’s breach. In addition, it was launching DDoS attacks against an organization’s IT infrastructure.


Most organizations now have adequate security measures in place and decline to pay the ransom. Hence, ransomware operators are actively seeking out new techniques to put pressure on victims. Even if the recent technique has very slim chances of success, organizations are recommended to stay cautious.

Cyware Publisher