"LockBit 2.0 Gang Claims Mandiant as Latest Victim; Mandiant Sees no Evidence of it"
Recently, a prominent ransomware group claimed it had successfully attacked cybersecurity giant Mandiant and would release company files. The ransomware group posted a note slamming Mandiant’s recent research linking it to a separate, sanctioned cybercrime group. LockBit 2.0 originally claimed on its dark web portal that it would release Mandiant files late Monday. A Mandiant spokesperson stated that the company was aware of the claims but saw no evidence to support them. The spokesperson noted that it appears that the ransomware group is trying to disprove Mandiant’s June 2, 2022, research blog on UNC2165 and LockBit. On June 2, Mandiant published an analysis suggesting that affiliates of Evil Corp., a long-running cybercrime group that the U.S. government sanctioned in 2019, had turned to using LockBit 2.0 off-the-shelf ransomware to evade sanctions. A note posted to LockBit 2.0’s website late Monday called Mandiant “not professional” and denied any connection with Evil Corp. Brett Callow, a threat analyst with cybersecurity firm Emsisoft who follows the ransomware ecosystem closely, said the group has “made a number of false claims in the past.”