Mandiant said that, contrary to reports of an attack on its system by the LockBit 2.0 ransomware group, it has seen no such attacks.
Several news outlets led by Cyberscoop Monday reported that LockBit posted a notice on its dark web portal that it plans to release data from the Reston, Va.-based cybersecurity vendor by the end of the day Monday.
A Mandiant spokesperson, in an emailed response to a CRN request for more information, wrote there is no evidence that LockBit has such a plan.
[Related: Accenture LockBit Ransomware Attack: 5 Things To Know]
“Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops,” Mandiant wrote.
News about the possibility of such an attack comes as Mandiant is in the process of being acquired by Google in a deal valued at about $5.4 billion inclusive of Mandiant’s net cash that would make Mandiant part of Google Cloud. News of the reported attack is also happening on the first day of the RSA Conference, one of the world’s most notable cybersecurity conferences.
Mandiant in June published a report about LockBit in which it said that the U.S. Treasury Department‘s Office of Foreign Assets Control (OFAC) has sanctioned LockBit, calling it “Evil Corp.” Since the sanctions were unveiled, affiliates of the Evil Corp. changed its approach after the sanctions which had resulted in enough awareness of the ransomware activities that ransom payments dropped.
According to Cyberscoop, organizations that were successfully attacked by the LockBit 2.0 variant include a refugee agency in Bulgaria and the French Ministry of Justice.
Global systems integrator Accenture in August said it contained a LockBit ransomware attack, but cybersecurity industry observers noted that some Accenture confidential data was released.
On June 2, Mandiant said on its website that it has “investigated multiple LockBit ransomware intrusions attributed to UNC2165, a financially motivated threat cluster that shares numerous overlaps with the threat group publicly reported as ‘Evil Corp.’”