DarkVault Ransomware Group Strikes Buy Eazzy, Exposing Cybersecurity Flaws

Incident Date: June 27, 2024

Buy Eazzy App

New Delhi, India

First Reported: June 27, 2024
DarkVault Ransomware Group Targets Buy Eazzy App

Overview of Buy Eazzy

Buy Eazzy is an online platform specializing in products designed to enhance comfort and convenience in daily life. The company offers innovative solutions for home living, personal care, and lifestyle improvement. Their primary offerings include bedding products such as mattresses, mattress toppers, and pillows, engineered to improve sleep quality through advanced materials like memory foam and gel-infused layers. Additionally, Buy Eazzy provides ergonomic furniture, kitchen gadgets, and personal care items aimed at simplifying tasks and enhancing overall well-being.

Founded by Rahul Aggarwal and Hariher Balasubramanian, Buy Eazzy aims to onboard over 300 million offline users from Tier 2 and beyond cities in India onto online shopping. The company has received funding from investors like M Venture Partners and Incubate Fund India. Buy Eazzy's unique approach involves transforming neighborhood micro-entrepreneurs into "multi-preneurs" by enabling them to diversify and monetize their existing customer base without additional investment, inventory, or risk.

Details of the Ransomware Attack

Buy Eazzy recently fell victim to a ransomware attack orchestrated by the DarkVault ransomware group. The attack was publicly claimed by DarkVault via their dark web leak site. The specifics of the attack, including the ransom demands and the extent of the data compromised, have not been fully disclosed. However, the incident has raised significant concerns about the cybersecurity measures in place at Buy Eazzy.

The attack highlights the vulnerabilities that companies in the retail sector face, particularly those with a strong online presence and a large customer base. Buy Eazzy's focus on customer satisfaction, with detailed product descriptions, user reviews, and comprehensive guides, may have made it an attractive target for threat actors seeking to exploit its extensive data repositories.

Profile of DarkVault Ransomware Group

The DarkVault ransomware group is a relatively new player in the ransomware landscape, having emerged with a dark web leak site that mirrors the design of the LockBit leak site. This imitation strategy suggests a level of sophistication and a deliberate attempt to emulate successful ransomware operations. DarkVault's association with the dark web implies a clandestine operational model, making it challenging for authorities to track and counter their activities effectively.

DarkVault has already published the data of 19 victims on its leak site, indicating a rapid and aggressive approach to their ransomware campaigns. The group's use of the LockBit Black ransomware has spurred rebranding rumors, although many gangs mimic LockBit’s leak site and use its leaked ransomware builder. This tactic allows DarkVault to exploit known vulnerabilities in cybersecurity defenses, potentially enabling them to penetrate systems with relative ease.

Potential Penetration Methods

While the exact method of penetration in the Buy Eazzy attack remains unclear, common tactics employed by ransomware groups like DarkVault include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. Given Buy Eazzy's extensive online operations and customer interactions, phishing attacks could have been a plausible entry point. Additionally, any unpatched software or weak security protocols could have provided an avenue for the ransomware to infiltrate their systems.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.