Lockbit Claims to Ransom Cyber Giant Mandiant

Some breaking news during RSA week. The Lockbit ransomware gang has claimed to have hit Mandiant with a ransomware attack, threatening to expose ‘All Available Data’ in 6 days.


Chris Olson, CEO, The Media Trust, a digital safety provider, provided his insights on the claimed breach:

“With Mandiant claiming “we do not have any evidence” to support LockBit’s claim, this is a developing story which we should take with a grain of salt. In the past, LockBit has posted names on its website only to drop them without explanation – it has also stolen data from organizations through a third-party vendor while falsely claiming to have breached its victims directly. Until more information emerges, the Mandiant story may go in either of those directions.

LockBit acts on a ransomware-as-a-service (RaaS) model, meaning the actors who may have initiated this breach cannot be directly identified. This could be a useful tactic for the enemies Mandiant has acquired since it first began operating at the frontlines of global cyberwarfare. In 2013, it implicated Chinese actors in cyber espionage – in 2020, it helped investigate Russian groups responsible for the SolarWinds hack. More recently, it has been tracking the Russia-based cybercriminal group ‘Evil Corp’, which has begun working with LockBit to evade U.S sanctions.

For now, we don’t know if LockBit’s claims are true. But if they are, they could have serious implications for cybersecurity research firms who are increasingly ending up in the crosshairs of global cyber actors.”


###