Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group.
The Dena cyberattack was revealed through a post on the threat actor's dark web platform, where they disclose data breach incidents and add affected entities to their growing victim list.
Dena has previously faced the ALPHV ransomware group, but now faces a new threat from the LockBit gang, which has issued a menacing ultimatum with a December 26, 2023 deadline.
The threat actor claims to have launched an attack on the agency's website.
Dena confirmed the cyberattack, but didn't provide details.
On November 23, the agency issued a new statement saying that it could be reached by email and phone again, but that it could not rule out the possibility that data processed by its business contacts had been compromised as a result of the cyber attack.
At the time, it was stated that the specific data that was leaked was still being investigated by a group of IT forensic experts, according to the German publication Golem.
The agency did not confirm that the attack was caused by ransomware.
The threat actor's assurance that the compromised data will be published by the specified deadline heightens the gravity of the situation.
Lockbit is one of the most active ransomware gangs in the world, and it has recently been responsible for several high-profile cyberattacks.
This year, hackers blackmailed China's largest bank, the Industrial & Commercial Bank of China, the British postal service Royal Mail, as well as airplane maker Boeing and chip manufacturer TSMC. Lockbit generally seeks several million US dollars as ransom.
While the FBI has not explicitly linked LockBit to Russian origins, their public communications, which reflect a broadly anti-Western stance, imply affiliations with Russia and global affiliates.
The LockBit group not only recruits talent but also releases data from victims who refuse their demands via a dark web portal on The Onion Router network.
Adopting an unusual business model, the group assures victims that paying the ransom will result in the safe return of their data.
January 1, 2020 LockBit-named ransomware first seen on Russian-language based cybercrime forums.
June 1, 2021 Appearance of LockBit version 2 , also known as LockBit Red including StealBit, a built-in information-stealing tool.
October 1, 2021 Introduction of LockBit Linux-ESXi Locker version 1.0 expanding capabilities to target systems to Linux and VMware ESXi.
March 1, 2022 Emergence of LockBit 3.0 , also known as LockBit Black, that shares similarities with BlackMatter and Alphv ransomware.
September 1, 2022 Non-LockBit affiliates able to use LockBit 3.0 after its builder was leaked.
April 1, 2023 LockBit ransomware encryptors targeting macOS seen on VirusTotal [ 8 , 9 ]. If you want to learn more about Lockbit, read this dedicated article: LockBit Ransomware: Here's what you need to know.
This Cyber News was published on heimdalsecurity.com. Publication date: Thu, 14 Dec 2023 15:13:08 +0000