BENGALURU: On October 6, 2023, the Lockbit ransomware group made headlines when they boldly claimed responsibility for attacking Tata Tele Business Services. The group threatened to release sensitive data as proof of their breach, eventually exposing multiple organisations’ confidential information. However, a closer examination of the data by the research team of cybersecurity firm CloudSEK reveals a surprising twist, as the administrator name indicates that the breached data actually belongs to a real estate firm, not Tata Tele Business Services.
Unveiling the Exfiltrated Data
The Lockbit ransomware group initially claimed to have exfiltrated critical data from Tata Tele Business Services. To substantiate their claims, on October 14, 2023, they posted approximately 17 images of the breached data. These images contained a wealth of sensitive records and documents from various organizations, including financial data, confidential correspondence, credit ratings, business communications, and international banking records. The breach also exposed private financial and corporate information, posing significant risks to financial security and confidentiality.
Lockbit Ransomware Group Analysis
The Lockbit ransomware group, previously known as ABCD ransomware and affiliated with the Maze ransomware cartel, began operating independently in September 2019. In June 2021, they rebranded themselves as Lockbit 2.0, rapidly gaining recognition and becoming one of the most prominent Ransomware-as-a-Service (RaaS) providers in 2021.
Lockbit 2.0 continued to make waves in the first quarter of 2022, contributing 46% of all leak data provided by ransomware groups during this period. This significant impact established Lockbit 2.0 as the most impactful RaaS for five consecutive months since its inception.
On June 27, 2022, Lockbit 3.0 was officially launched, bringing several major changes to the ransomware landscape. Among these changes was a new extortion model with three pricing options, designed to increase pressure on targeted companies.
The false attribution of the Lockbit ransomware group’s attack to Tata Tele Business Services has raised several concerns. These include potential financial losses associated with remediation efforts, damage to the company’s reputation, and the exposure of IP addresses and login credentials, which can lead to account takeovers. Additionally, the release of personally identifiable information (PII) could empower other threat actors to orchestrate social engineering schemes, phishing attacks, and identity theft.
Moreover, victims may find themselves in a precarious situation if the encrypted system contains critical data that is not backed up, as they may be left with no choice but to pay the ransom. Failure to comply with the ransom demand could result in the group selling the victim’s data on their PR site or on the dark web, making it accessible to the public, competitors, and other threat actors.