According to a Mandiant representative, the company was aware of LockBit 2.0 claims, but there was no evidence of a cyberattack as yet.
The infamous ransomware-as-a-service group using a variant of LockBit ransomware (LockBit 2.0) has claimed to have successfully hacked Mandiant cybersecurity firm and threatened to release company files.
The ransomware gang was first seen in September 2019 as ABCD ransomware and has since targeted thousands of organizations worldwide. In its latest attack, the LockBit ransomware gang claimed that it would release Mandiant data on its Dark Web portal.
The group further claimed that they have stolen 356,841 files from Mandiant, which they intend to leak online. For your information, LockBit 2.0 has hit many high-profile entities in the past including the following:
No Evidence of Hacking- Mandiant
According to a Mandiant representative, the company was aware of LockBit 2.0 claims, but there was no evidence of a cyberattack as yet. After LockBit 2.0 posted its second threat message late Monday, the company released a statement.
In response, the company rep stated that there’s no indication that Mandiant’s security was compromised. Moreover, they noted that the gang could be trying to “disprove Mandiant’s June 2nd, 2022 research blog on UNC2165 and LockBit.”
The Bone of Contention
The group has reportedly reacted to Mandiant’s report (published on June 2nd, 2022) in which the company claimed that the off-the-shelf ransomware LockBit 2.0 was in use by the Russian Evil Corp affiliates dubbed UNC2165 to evade sanctions.
This group was sanctioned by the U.S. Treasury Department‘s Office of Foreign Assets Control (OFAC) in 2019. However, LockBit 2.0’s website displayed a note posted by the group claiming that they didn’t have any affiliation with Evil Corp and rejected Mandiant’s claims in the report.
“Our group has nothing to do with Evil Corp. We are real underground darknet hackers, we have nothing to do with politics or special services like FSB, FBI, and so on.”
As seen by Hackraed.com, the gang has released a note maintaining its claims of attack on Mandiant and addressing the company’s report published last week.
As per Emsisoft threat analyst Brett Callow, this group has previously made several false claims. In some cases, the group claimed to steal data from different firms, so it is “entirely possible” that the claims made by LockBit 2.0 have no substance.
The timing of the disclosure of this attack on Mandiant is unusual as it comes when the RSA cybersecurity conference has just started, and Mandiant is to be acquired by Google in a whopping $5.4 billion deal.
More Ransomware News
- Ransomware Attacks: Everything You Need to Know
- Conti Ransomware Gang Hits German Wind Turbine Giant Nordex
- GoodWill Ransomware demands food for the poor to decrypt locked files
- Cardiologist Charged for Developing Jigsaw v.2 and Thanos Ransomware
- PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Network