Mandiant, an American cybersecurity firm, is investigating claims by the LockBit ransomware group that it breached the company’s network and stole data. The ransomware gang recently said that the 356,841 files it purportedly took from Mandiant would be posted online on a new page on its data leak website.
An “All available data will be published!” timer on the gang’s dark web leak site shows just under three hours until the countdown ends. LockBit has yet to divulge which files it claims to have stolen from Mandiant’s infrastructure; the file listing on the leak website is empty.
However, a 0-byte file named ‘mandiantyellowpress.com.7z’ appears to be associated with the mandiantyellowpress[.]com domain (registered today). This page redirects visitors to the ninjaflex[.]com website. When asked for further information about LockBit’s allegations, the threat intelligence firm indicated it hadn’t yet discovered evidence of a breach.
“Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops,” said Mark Karayan, Mandiant’s Senior Manager for Marketing Communications.
These assertions come after Mandiant disclosed last week that the Russian Evil Corp cybercrime gang had resorted to deploying LockBit ransomware on targets’ networks in order to circumvent US sanctions. In March, Mandiant revealed that it had signed a formal agreement to be acquired by Google in an all-cash deal worth $5.4 billion.
The LockBit ransomware group has been operating as a ransomware-as-a-service (RaaS) operation since September 2019 and was relaunched in June 2021 as the LockBit 2.0 RaaS after ransomware operators were barred from posting on cybercrime forums. In August 2021, Accenture, a Fortune 500 corporation and one of LockBit’s victims, acknowledged that it had been hacked after the gang demanded a $50 million ransom for not exposing data seized from its network.
In February, the FBI issued a flash alert containing technical details and indicators of compromise associated with LockBit ransomware attacks, urging firms targeted by this RaaS’ affiliates to report incidents to their local FBI Cyber Squad as soon as possible. According to cybersecurity firm Sophos, a LockBit affiliate lurked in the network of a US local government agency for months before deploying the ransomware payload.