Mandiant: No Evidence Of LockBit 2.0 Ransomware Attack ‘At This Point’

The LockBit 2.0 ransomware-as-a-service group is threatening to release files from Mandiant, the cybersecurity firm now in the process of being acquired by Google, but Mandiant said it has not seen evidence of such an attack so far.


Mandiant said that, contrary to reports of an attack on its system by the LockBit 2.0 ransomware group, it has seen no such attacks.

Several news outlets, led by Cyberscoop, reported Monday that LockBit posted a notice on its dark web portal saying it plans to release data from the Reston, Va.-based cybersecurity vendor by the end of the day Monday.

A Mandiant spokesperson, in an emailed response to a CRN request for more information, wrote there is no evidence that LockBit has such a plan, and that while some data was released, it was not taken from Mandiant systems.

“Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops,” Mandiant wrote.

News about the possibility of such an attack comes as Mandiant is in the process of being acquired by Google in a deal valued at about $5.4 billion, inclusive of Mandiant’s net cash, that would make Mandiant part of Google Cloud. News of the reported attack also comes on the first day of the RSA Conference, one of the world’s most notable cybersecurity conferences.

Mandiant in June published a report about LockBit in which it said that the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned LockBit, calling it “Evil Corp.” After the sanctions were unveiled, affiliates of Evil Corp. changed their approach, because the sanctions had raised enough awareness of the ransomware activities that ransom payments dropped.

According to Cyberscoop, organizations that were successfully attacked by the LockBit 2.0 variant include a refugee agency in Bulgaria and the French Ministry of Justice.

Global systems integrator Accenture in August said it contained a LockBit ransomware attack, but cybersecurity industry observers noted that some Accenture confidential data was released.

Evil Corp. and LockBit are serious threats, and even managed to successfully attack Accenture and others, said Daniel Lakier, security solutions consultant at Anexinet, a Blue Bell, Pa.-based solution provider.

“But they have lied in the past, thinking people would be ready for a shakedown,” Lakier told CRN. “In this case, they are saying they breached Mandiant just as it’s getting ready to be acquired by Google.”

Lakier, who is also an analyst at GigaOm, said he has talked with a few people, and the consensus is that there was no breach at Mandiant.

“If Mandiant was breached, it would be in its best interest to talk about it right away,” he said. “Evil Corp. is real. LockBit 2.0 is also real. And they have recently been much more relevant as the Russian government is looking at ways to increase revenue in the face of sanctions.”