LockBit Adds California Department of Finance to List of Victims

In a post to its dark web portal on Monday, LockBit said the stolen data includes databases, financial files, and, oddly enough, “sexual proceedings in court.” Though no specifics on the ransom amount have been provided, LockBit has been known to demand tens of millions of dollars for the safe return of sensitive data.

While the California Department of Finance handles the state’s budgeting, it does not have direct access to taxpayer funds or government bank accounts. In an official statement, the California Governor’s Office of Emergency Services said that a multi-agency investigation was underway. “While we cannot comment on specifics of the ongoing investigation, we can share that no state funds have been compromised,” the agency said. The office also said it will continue its work preparing the governor’s budget proposal due Jan. 10.

Although the Governor’s Office provided limited details on the cyber intrusion, Emsisoft threat analyst Brett Callow posted a screenshot from LockBit’s dark web portal on Monday via Twitter. The dark web notice by “LockBit 3.0” clearly states the Dec. 24 ransom deadline for what the group claimed it had stolen, including “databases, confidential data, financial documents, certification, court, and sexual proceedings in court, IT documents and more…”

Callow also added that the threat should be taken with a grain of salt. “It should be noted that not all of LockBit’s past claims have been true.” LockBit was behind a ransomware attack affecting global consulting firm Accenture in August 2021, when it demanded a $50 million payment. However, the gang ended up not releasing any sensitive files when its ransomware countdown timer first ran out.

LockBit Is One of the Most Dangerous Ransomware Outfits

Even though ransomware demands can be looked at skeptically, cybercrime syndicates, LockBit included, certainly shouldn’t be taken lightly. LockBit is a relatively new elite-tier ransomware gang whose activity has been traced between 2019 and 2020. Initially, it was part of a cybercriminal cartel that comprised a handful of other notorious ransomware groups such as Maze, RagnarLocker, and SunCrypt.

LockBit now often finds itself ranked among the most dangerous ransomware gangs in the world, alongside others such as Conti and another prolific ransomware-as-a-service operator known as Hive. In November, LockBit said it was behind a cyberattack on German automotive giant Continental AG.

The group’s current iteration, LockBit 3.0, has been traced since June 2022, according to cybersecurity firm SentinelLabs. “Around June of 2022, operators and affiliates behind LockBit ransomware began the shift to LockBit 3.0. Adoption of LockBit 3.0 by affiliates has been rapid, and numerous victims have been identified on the new “Version 3.0” leak sites, a collection of public blogs naming non-compliant victims and leaking extracted data,” SentinelLabs said.

For those concerned about their business networks, large and small, our full guide to ransomware can offer you tips on how to prevent and remove what the world’s largest insurer Allianz and several other industries consider the “top cyber exposure of concern” this year.
