Several companies in the energy and food industries have recently received threatening emails supposedly from DarkSide. In this email, the threat actor claims that they have successfully hacked the target’s network and gained access to sensitive information, which will be disclosed publicly if a ransom of 100 Bitcoins (BTC) is not paid. However, the content of the email leads researchers to believe that they did not come from DarkSide, but from an opportunistic low-level attacker trying to profit off the current situation and public awareness around DarkSide ransomware. The behavior behind this fraud campaign is very different from what DarkSide exhibited in its previous campaigns. DarkSide has always been able to show proof that they obtained stolen sensitive data. They also lead their targets to a website hosted on the Tor network. However, in this campaign, the email does not mention anything about proving that they have obtained confidential or sensitive information. Most likely, the people sending these email messages haven’t hacked into the targeted companies’ networks at all.