{
	"id": "23006743-af1e-451c-b98c-539e7be7316d",
	"created_at": "2026-04-23T02:54:03.199289Z",
	"updated_at": "2026-04-25T02:19:34.124722Z",
	"deleted_at": null,
	"sha1_hash": "e6205ca031df4ebbf866535fc3ca6bbd6b5d6866",
	"title": "A former DarkSide listing shows up on REvil's leak site - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 291010,
	"plain_text": "A former DarkSide listing shows up on REvil's leak site -\r\nDataBreaches.Net\r\nPublished: 2021-05-26 · Archived: 2026-04-23 02:08:32 UTC\r\nOn May 15, Chum1ng0 reported that German furniture retailer Möbelstadt Sommerlad had been hit by DarkSide\r\nthreat actors. By then DarkSide’s leak site was down and it had not been possible to confirm whether DarkSide\r\nhad ever listed the retailer as a victim or dumped any proof of claim, but given the time frame of the attack and the\r\ntakedown of DarkSide’s site, it seemed unlikely that they had ever been listed. It was the owner of the furniture\r\nstore who named DarkSide as the threat actors, and who stated that the firm would not be paying any ransom.\r\nAs of today, the notice saying that the store is still not functioning remains on their web site (the English version):\r\nIMAGE: DATABREACHES.NET\r\nBut also of note, today Chum1ng0 noticed that REvil (Sodinokibi) threat actors listed this attack as their work,\r\nand claim to have more than 175 GB of data:\r\nWe downloaded a lot of interesting information from your network. All data are fresh and will be stored\r\non our CDN servers for the next 6 month if you do not pay.\r\nIf you need data leak proofs, we are ready to provide them.\r\nhttps://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/\r\nPage 1 of 3\n\nIMAGE: DATABREACHES.NET\r\nConsistent with their usual practice, they provided some screencaps of file trees.\r\nThe fact that they listed the firm on their leak site suggests that Möbelstadt Sommerlad’s owner has not changed\r\ntheir mind and is continuing to refuse to pay any ransom, but without email and with their Facebook page not\r\navailable, it’s difficult to confirm this with them.\r\nMöbelstadt Sommerlad;s Facebook page on May 26, 2021. IMAGE: DATABREACHES.NET\r\nhttps://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/\r\nPage 2 of 3\n\nWhat the listing by REvil does confirm, however, is some frequent speculation that DarkSide and REvil had a\r\ncollaborative or cooperative relationship somehow. Did one of DarkSide’s affiliates now take their data to REvil\r\nto help them with the extortion attempt? Perhaps.\r\nIn collaboration with Chum1ng0. Post-publication, I learned that this was first reported on Twitter by @z0man,\r\nso credit to him.\r\nSource: https://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/\r\nhttps://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/"
	],
	"report_names": [
		"a-former-darkside-listing-shows-up-on-revils-leak-site"
	],
	"threat_actors": [],
	"ts_created_at": 1776912843,
	"ts_updated_at": 1777083574,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e6205ca031df4ebbf866535fc3ca6bbd6b5d6866.pdf",
		"text": "https://archive.orkl.eu/e6205ca031df4ebbf866535fc3ca6bbd6b5d6866.txt",
		"img": "https://archive.orkl.eu/e6205ca031df4ebbf866535fc3ca6bbd6b5d6866.jpg"
	}
}