The Darkrace Ransomware Attack on Marstrand Local Government

The Darkrace ransomware gang has attacked the Marstrand Local Government. Marstrand is a seaside municipality in Sweden. It has a population of 1,319 people and is known for its scenery, swimming, and sailing. Marstrand is known for being the sailing capital of Sweden.

Darkrace published Marstrand to its dark web leak site on June 9th, claiming to have stolen 41GB of data. Darkrace has neither confirmed nor denied the incident, and it is unclear what Darkrace may have demanded as ransom. Stolen data allegedly includes photos and invoices.

About Darkrace Ransomware

Darkrace is a recently discovered ransomware gang that specifically targets Windows systems. Darkrace ransomware is similar to the LockBit ransomware, with similarities including the deployment of batch files to terminate processes, the dropping of file icons, and the utilization of random encryption extensions. These similarities suggest that Darkrace leverages the leaked Lockbit building source code from November 2022.

The ransomware group has been very active recently, posting several victims to its leak site in the past month, including:

• Rzepecki Mroczkowski Sp. Z o.o., a Polish automotive company.
• hep global GmbH, a German solar energy company.
• PLURISERVICE Spa, an Italian technology solutions provider.
• PESSI, a Pakistani health insurance company.
• CO.NA.TE.CO., an Italian shipping container company.
• ERT, a Portuguese automotive parts manufacturer.