Darktrace has revealed that it wasn’t breached by LockBit ransomware after all, following initial fears that the firm had suffered a damaging attack.
An internal investigation found no evidence of compromise, with company CISO Mike Beck publishing an updated statement (opens in new tab) regarding LockBit’s previous announcements of the attack, saying Darktrace operates uninterrupted and that its systems, as well as those of its affiliates, remain secure.
“We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems,” the announcement reads. “We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.”
Wrong place, fake data
In its report, BleepingComputer argues that LockBit’s operators might have made a mistake, confusing Darktrace with a threat intelligence company called DarkTracer. This firm reported on a ransomware attack from LockBit, which ended up stealing fake customer data.
“The reliability of the RaaS service operated by LockBit ransomware gang seems to have declined,” the company said. “They appear to have become negligent in managing the service, as fake victims and meaningless data have begun to fill the list, which is being left unattended.”
It seems as leaving bogus data for hackers to steal and feel good about themselves is growing into a real trend. Less than a month ago, threat actors Clop used a flaw in the GoAnywhere file-transfer service to compromise retailer Saks Fifth Avenue with malware (opens in new tab) and steal its data. It turned out – the information they had stolen was fake.
“Fortra, a vendor to Saks and many other companies, recently experienced a data security incident that led to mock customer data being taken from a storage location used by Saks,” a Saks spokesperson told the publication. “The mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes.”
Via: BleepingComputer (opens in new tab)
