LockBit repeats ‘PR stunt’ as Thales ransomware investigation reveals no breach

Getty Pictures

An investigation by Thales has identified no evidence that the LockBit ransomware organistion successfully attacked its programs, adhering to threats by the group to publish stolen company details on hacker community forums.

On Tuesday, the French multinational publicly stated that it experienced viewed posts on the dark web by ransomware group LockBit 3., saying to have stolen facts from Thales and threatening to put up it on the web on 7 November. The company rapidly educated the Agence nationale de la sécurité des systèmes d’information (ANSII), and commenced an interior investigation.

However, the investigation has identified no proof of exfiltrated data, nor even any trace of intrusion into enterprise units. At the time of writing, the team has not posted additional threats nor supplied the enterprise with evidence of the attack.

“On Monday, October 31, 2022, the LockBit 3. extortion and ransomware team has introduced plans to release details on 7 November 2022 at 06:29 UTC,” a Thales spokesperson explained to IT Pro.

“As of currently, Thales has not recognized any trace of effects on – nor intrusion into – its facts methods.

“Besides, we have not obtained any direct ransom notification. A focused crew of security industry experts systematically investigates this type of predicament. We carefully observe each allegation connected to information theft as security of knowledge continues to be our vital precedence.”

Thales has an lively purpose in offering methods to much more than 30,000 business buyers which includes these in the defence sector, and is the major contractor for NATO innovative missile and air defence systems.

Its partners include things like a quantity of governments, telecoms companies and economic institutions, to whom it provides products and services this sort of as biometrics programmes, fiscal providers, and knowledge encryption.

LockBit’s historic stunts

This is not the initially time that the LockBit team has posted that it has produced statements about getting attacked a organization, only for it to be uncovered that no these attack was designed. 

In June 2022, the team claimed that it experienced breached the network of cyber security big Mandiant and posted a see on its website declaring that the launch of extra than 350,000 stolen corporation information was imminent.

However, Mandiant hardly ever located proof that these types of an attack had taken spot, and the countdown to the leak on LockBit’s website came and went with no the knowledge ever remaining revealed.

A McAfee blog write-up included a related claim by LockBit, in which it mentioned that it experienced stolen data from smart security business Northwave, which also under no circumstances found proof that its compromised programs professional any facts exfiltration.  

Available by means of the ransomware as a support (RaaS) model, and in use by a quantity of other menace actors these as sanctioned Russian group ‘Evil Corp’, it is hard to categorically backlink the use of LockBit ransomware strains with the group. 

LockBit continues to be the most extensively-made use of strain in attacks, and in August vowed to be ‘more aggressive’ after being strike by a large distributed denial of services (DDoS) attack.

It accounted for 35.1% of all ransomware activity in Q3 2022, even as ransomware action declined a bit. Its meteoric increase has been joined, in aspect, with the demise of rival group Conti, which ceased all action in June pursuing a public attack on the Costa Rican govt and subsequent threat to overthrow it if the $20 million ransom was not compensated in entire.

Some sections of this post are sourced from:
www.itpro.co.uk