LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it

A prominent ransomware group claimed Monday it has successfully attacked cybersecurity giant Mandiant, and will release company files.

LockBit 2.0 — a ransomware-as-a-service variant that can claim thousands of victims around the world since it was first spotted as ABCD ransomware in September 2019 — posted a notice to its dark web portal Monday claiming it would release Mandiant files late Monday. There is no ransom demand posted to the page.

A Mandiant spokesperson told CyberScoop Monday that the company was aware of the claims, but “at this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops.”

Screenshot from the LockBit 2.0 web page claiming the group will release Mandiant files.

Mandiant is a prominent figure in the multibillion-dollar-per-year cybersecurity industry. In March the company announced that Google would acquire Mandiant in a roughly $5.4 billion deal, and that it would become part of Google Cloud.

The LockBit 2.0 post Monday did not identify what files the group had purportedly taken. Brett Callow, a threat analyst with cybersecurity firm Emsisoft who follows the ransomware ecosystem closely, said the group has “made a number of false claims in the past.”

“In some cases, it appeared they’d obtained data relating to Company A from an attack on Company B, but claimed A as the victim,” Callow told CyberScoop. “It’s also entirely possible that LockBit’s claims have no substance to them whatsoever. In fact, this may be the most likely explanation.”

On June 2, Mandiant published an analysis suggesting that Evil Corp., a long-running cybercrime group that the U.S. government sanctioned in 2019, had turned to using LockBit 2.0 ransomware to evade sanctions.

Past ransomware victims hit with the LockBit 2.0 variant include the Bulgarian state agency for refugees, the French Ministry of Justice and Accenture, which was unsuccessfully targeted for a $50 million ransom by the group.

A 2020 cyberattack on FireEye, the former parent company of Mandiant, revealed the beginnings of the so-called SolarWinds hack, which would later sprawl to include victims among federal agencies and major tech companies.

The post LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it appeared first on CyberScoop.

