Ransomware
BleepingComputer / ZDNet / Wired
Primary Source
Incident Details
DarkSide ransomware attacked Brenntag, one of the world’s largest chemical distribution companies (Germany-headquartered, North America division targeted), on approximately April 28, 2021. The attackers exfiltrated 150 GB of data from the North America division before encrypting devices. DarkSide initially demanded $7.5M. After negotiation, Brenntag paid a ransom of 133.65 BTC ($4.4M USD) on May 11, 2021, in exchange for a decryptor and deletion of the stolen files. The attack occurred two weeks before DarkSide’s more prominent Colonial Pipeline attack. Brenntag confirmed the incident but declined to share details about which customer or supplier data was affected.
Technical Details
- Initial Attack Vector: CWE-312: Cleartext Storage of Sensitive Information (DarkSide actors purchased stolen credentials to access the corporate network)
- Malware Family: DarkSide
Timeline
- 2021-04-28 Breach occurred
- 2021-05-11 Publicly disclosed