Darktrace, a cybersecurity firm based in Cambridge, England, clarified on Thursday that it was not hit with ransomware after being mistakenly added to the LockBit gang’s leak site. The gang had accused Darktrace of monitoring their activities and posted the company on its site.
However, cybersecurity experts noted that the gang may have confused Darktrace with a cybersecurity Twitter account called Darktracer, which had criticized the ransomware group for falsely claiming to have attacked certain companies. Darktracer had tweeted on Wednesday about LockBit’s declining reliability, pointing to dummy text and meaningless data on the group’s leak site that appeared to have been neglected.
Darktrace stated that none of LockBit’s social media site posts were linked to any compromised Darktrace data. The company is closely monitoring the situation and its current investigation suggests that its systems remain secure, and customer data is fully protected.
LockBit has previously added cybersecurity firms to its leak site out of anger. For instance, last year the group added Mandiant to its leak site after the company published a blog post linking LockBit to Evil Corp, a Russia-based cybercriminal group responsible for hundreds of cyberattacks since 2007. Such a blog post could make ransomware victims hesitant to pay the ransom.
However, it was later found that LockBit had not breached any of Mandiant’s systems and had merely added the company to its leak site as a retaliation against the blog post. Similarly, the Cl0p ransomware group added the wrong water provider, Thames Water, to its victim list in August 2022 when it attacked South Staffordshire PLC.
Story Credit
