Darkrace attacks Marstrand

Incident Date:

June 9, 2023

World map



Darkrace attacks Marstrand






Marstrand, Sweden

, Sweden

First Reported

June 9, 2023

The Darkrace Ransomware Attack on Marstrand Local Government

The Darkrace ransomware gang has attacked the Marstrand Local Government. Marstrand is a seaside municipality in Sweden. It has a population of 1,319 people and is known for its scenery, swimming, and sailing. Marstrand is known for being the sailing capital of Sweden.

Darkrace published Marstrand to its dark web leak site on June 9th, claiming to have stolen 41GB of data. Darkrace has neither confirmed nor denied the incident, and it is unclear what Darkrace may have demanded as ransom. Stolen data allegedly includes photos and invoices.

About Darkrace Ransomware

Darkrace is a recently discovered ransomware gang that specifically targets Windows systems. Darkrace ransomware is similar to the LockBit ransomware, with similarities including the deployment of batch files to terminate processes, the dropping of file icons, and the utilization of random encryption extensions. These similarities suggest that Darkrace leverages the leaked Lockbit building source code from November 2022.

The ransomware group has been very active recently, posting several victims to its leak site in the past month, including:

  • Rzepecki Mroczkowski Sp. Z o.o., a Polish automotive company.
  • hep global GmbH, a German solar energy company.
  • PLURISERVICE Spa, an Italian technology solutions provider.
  • PESSI, a Pakistani health insurance company.
  • CO.NA.TE.CO., an Italian shipping container company.
  • ERT, a Portuguese automotive parts manufacturer.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.