Darktrace, a UK-based cybersecurity firm, was mistakenly added to the leak site of the LockBit ransomware gang. The group posted a message criticizing Darktrace for allegedly monitoring its activities, but several cybersecurity experts believe that the group had confused Darktrace with Darktracer, a cybersecurity Twitter account that criticized LockBit for posting companies that had not been attacked.
Darktracer had called out LockBit's poor management of its service, as the leak site contained dummy text and fake victims. In response, LockBit claimed that it was just posting test data as it tried to improve its leak site.
Darktrace denied being hit with ransomware after conducting a full review of its internal systems, which found no evidence of compromise. However, this is not the first time LockBit has added a cybersecurity firm to its leak site out of anger.
Last year, the group added cybersecurity firm Mandiant to its leak site after the company tied the group to Evil Corp, a Russia-based cybercriminal group responsible for hundreds of cyberattacks. The U.S. Treasury Department had sanctioned Evil Corp, making ransomware victims wary of paying ransoms.
However, it was later revealed that LockBit had not breached any Mandiant systems and simply added the company to its leak site as retribution for the blog post.
In another case of mistaken identity, last August, the Cl0p ransomware group added the wrong water provider, Thames Water, to its victim list, when it had actually attacked the provider South Staffordshire PLC.
These cases highlight the need for ransomware groups to improve their management and accuracy, as adding innocent companies to their leak sites can cause reputational harm and affect their credibility.
It is also essential for businesses to monitor these leak sites closely and ensure that their cybersecurity systems remain secure.