Share this article on:
Following claims by LockBit that Darktrace’s systems had been compromised, cyber security firm Darktrace has stated that it has verified that its systems were never breached.
Darktrace issued the statement on Thursday last week (13 April) after the LockBit ransomware group posted a number of tweets claiming to have accessed the cyber security organisation’s systems.
“Earlier this morning, we became aware of tweets from LockBit, the cyber criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data,” said the statement.
“Our security teams have run a full review of our internal systems and can see no evidence of compromise.
“None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations, we are confident that our systems remain secure, and all customer data is fully protected.”
The next day (14 April), the firm confirmed that its systems remained intact and that LockBit never had access.
We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems,” said the chief information security officer at Darktrace, Mike Beck.
“We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.”
Cyber security experts are saying that LockBit had Darktrace with Darktracer, a cyber security monitoring service that had recently criticised the ransomware group for increasingly filling its list with fake data.
The reliability of the RaaS service operated by LockBit ransomware gang seems to have declined. They appear to have become negligent in managing the service, as fake victims and meaningless data have begun to fill the list, which is being left unattended. pic.twitter.com/mfGhH93oYh
— Fusion Intelligence Center @ DarkTracer (@darktracer_int) April 12, 2023
There is no evidence to suggest Darktracer was hit by an attack either. LockBit responded to Darktracer’s critique, saying that the mass of fake data posted to its website was test data that hackers posted while doing system maintenance.
LockBit has previously added organisations to its site as revenge. Last year, cyber security firm Mandiant was added after it released a blog post tying the ransomware group to Russian-based cyber criminal group Evil Corp, a group which is on the US government’s sanctions list and was responsible for hundreds of attacks since 2007.
There was also no evidence that Mandiant was ever breached.
Like with Darktrace and Darktracer, LockBit had also confused organisations before, after demanding £65.7 million (roughly $114.5 million) from Royal Mail, when it meant to do from parent company Royal Mail International.