LockBit 2.0 announcement: real thing or vengeful trolling?
On June 6, on its portal on the dark web, LockBit 2.0, a ransomware operator, has announced the exposure of data allegedly stolen in a successful hack from Mandiant, a large and influential cybersecurity company. Considering the RSA 2022 conference opening on the same day in San Francisco, the message might bear a certain weight of publicity. Previously, Mandiant made a report unambiguously associating LockBit 2.0 with Evil Corp. More specifically, the researchers suggested that Evil Corp used the LockBit affiliate program to avoid detection. Claimed connection with the Evil Corp, a notorious ransomware group with a high probability of being the FSB’s digital warfare department, put LockBit 2.0 into a rage. The gang’s reply accused Mandiant of unprofessionalism and noted that LockBit 2.0 had no connection to EvilCorp or any state’s special services.
Mandiant, in turn, has informed that they were aware of the intimidation. By the way, LockBit 2.0 required no ransom; the story rather looked like vengeance. The company expressed doubts about the truthfulness of the promise to expose anything, giving no confirmation of any signs of a hack in June or earlier.
Brett Callow, a threat analyst at Emsisoft, a company specializing in ransomware counteraction, noted that LockBit 2.0 allowed itself to make flam statements before, so there is no need to take the browbeat with panic. The reputational shading any cybersecurity company would suffer, should such news be heard during a professional convention, is just another reason to believe the promise of data exposure is a vengeful prank.
The ransomware operators have promised to leak the stolen data soon without specifying what kind of data precisely they possess.
In March 2022, Mandiant value amounted to $5.4 billion for a deal with Alphabet (Google) that is yet to be stricken.