Darktrace Research Reveals No Proof Of LockBit Compromise

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Apr 14, 2023 12:30 pm PST

On Thursday, the cybersecurity firm Darktrace released a statement after being mentioned on the LockBit ransomware group’s breach website. We learned of tweets from the cybercriminal LockBit earlier this morning, which claimed to have infiltrated Darktrace’s internal security systems and accessed our data. Our security specialists have thoroughly examined our internal systems and have found no signs of compromise, according to Darktrace.

“No compromised Darktrace data are linked to in any LockBit social media posts. We are sure our systems are still secure and all client data is completely protected based on our current investigations. Still, we will continue to monitor the situation very attentively. The declaration was made in response to a post indicating that the ransomware group had targeted Darktrace on LockBit’s leak website. The post implied that Darktrace data had been stolen, and thieves demanded a $1 million ransom.

Darktrace does not appear to have been compromised by LockBit or even targeted. Rather, it appears that the entry on the LockBit leak website is a response to a recent tweet from the unrelated threat intelligence firm DarkTracer from Singapore. About the trash data being released on the LockBit leak website, DarkTracer stated on Wednesday that “the reliability of the RaaS service offered by LockBit ransomware gang seems to have diminished.”

It appears that the bogus data on the LockBit website was test data that the hackers released while performing maintenance. Because of the accusations made by DarkTracer, the hackers mistook it for Darktrace UK and released a post claiming to have hacked Darktrace. For ransomware gangs, such errors are commonplace.

The fact that LockBit did not directly target DarkTracer is also essential to notice. Last year, LockBit claimed to have stolen hundreds of terabytes of data from cybersecurity company Entrust. The business acknowledged that its internal operating systems had been compromised and some files had been taken, but it hasn’t yet made further disclosures about the scope of the hack.

In the past, LockBit had a history of making exaggerated statements about cybersecurity firms. It was discovered that there had not been a hack and that the organization had just made up the allegations as retaliation for a story linking them to Evil Corp. last year when they claimed to have stolen hundreds of thousands of data from Mandiant.

LockBit feared that being affiliated with Evil Corp might hinder ransomware victims from paying because the company is on the US government’s list of sanctioned parties.


After the LockBit ransomware gang added an entry to its dark web leak platform, suggesting that they stole data from the company’s servers, the cybersecurity company claims it has not found proof that the organization infiltrated its network. After the group listed DarkTrace as a victim on its data leak website, the business launched an inquiry but discovered no proof of a system breach. Darktrace stated, “Our security specialists have conducted a thorough investigation of our internal systems and can find no signs of compromise.”

After carefully examining their systems, Chief Information Security Officer Mike Beck of the corporation stated the same conclusion on Friday. Following yesterday’s tweets by LockBit alleging they had infiltrated Darktrace’s internal systems, Beck said, “We have concluded a thorough security assessment. “We can vouch that neither our systems nor affiliates have been compromised. There is no need for further action; our service to our clients continues to run normally.” LockBit made a mistake when it mistook Darktrace for threat intelligence firm DarkTracer, which tweeted about the leak site of the gang being inundated with fictitious victims.

According to DarkTracer, the LockBit ransomware gang’s RaaS service looks to be less reliable. The list, which is being left unmanaged, has started to fill up with bogus victims and irrelevant data, suggesting that they have gotten careless in monitoring the service. LockBit has claimed in the past that it intentionally or unintentionally gained access to the networks of cybersecurity companies. The ransomware gang added Mandiant to their leak website in June of last year and announced that more than 350,000 files they had purportedly stolen will be made public.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x