Security vendor Mandiant compromised by LockBit ransomware?

On June 6, local time, the “popular” ransomware team LockBit 2.0 asserted to have data from Google subsidiary Mandiant, a key player in the risk intelligence and case feedback space.

The LockBit group’s data breach web site currently details Mandiant.com as one of its victims, with a notice that “all available data will be released,” according to multiple news outlets. Previously in the day, the ransomware team revealed on its information breach website that 356,841 documents purportedly stolen from Mandiant would certainly be dripped online. A timer on the team’s dark web leakage website suggested that there were less than 3 hours till the countdown ended.

The LockBit group’s data violation website now notes Mandiant.com as one of its sufferers, with a notice that “all readily available information will be released,” according to numerous information outlets. Earlier in the day, the ransomware group revealed on its data breach site that 356,841 documents purportedly stolen from Mandiant would be leaked online. A timer on the group’s dark internet leakage website indicated that there were less than three hrs up until the countdown finished.

Mandiant rapidly released a statement in response to a reporter’s request for remark: “Mandiant knows these LockBit-related statements. We currently have no proof to back up their claims. We will continue to keep an eye on the scenario as it evolves.” The declaration was made by Mark Karayan, senior supervisor of marketing interactions at Mandiant, to BleepingComputer.

The LockBit announcement accompanies the begin of the RSA meeting, among the globe’s largest cybersecurity conferences, in San Francisco.

It likewise comes 4 days after Mandiant mentioned that there is proof that the danger team referred to as UNC2165 has actually deserted Hades for LockBit. According to the report, this is due to the fact that the team known as Evil Corp has been approved by the United States. According to Mandiant, UNC2165 seems an associate of Wickedness Corp, so the shift in ransomware stress could be an attempt by the group to distance itself from the approved entity.

FireEye paid $1 billion for Mandiant in December 2013. After Harmony Modern technology Group paid $1.2 billion for FireEye in June 2021, Google paid $5.4 billion for Mandiant with the intent of integrating it into its Google Cloud department.

Emsisoft risk analyst Brett Callow cautions against taking LockBit’s claims at face value.

After ransomware individuals were prevented from uploading on cybercrime discussion forums, the LockBit ransomware gang relaunched as LockBit 2.0 RaaS in June 2021. “LockBit utilizes a Ransomware-as-a-Service (RaaS) design, which suggests there is no way to straight determine the stars that may have launched this exploit.

” At this time, we don’t recognize if LockBit’s insurance claims hold true. But if so, they can have serious implications for cybersecurity study firms, which are significantly being targeted by international cyber players.”

Previous ransomware sufferers of LockBit 2.0 versions include the Bulgarian National Agency for Refugees, the French Ministry of Justice and Accenture.

How should enterprises ensure data security?

The establishment of two or more sets of IT systems with the same function in remote locations, capable of monitoring the health status and switching functions, is referred to as disaster recovery. When one system fails due to an accident (such as a fire or an earthquake), the entire application system can be switched to another location so that the system functions can continue to function normally. Backup and disaster recovery are two distinct concepts. 

The goal of disaster recovery is to ensure the normal operation of information systems in the event of a disaster and to assist enterprises in achieving the goal of business continuity. Backup is used to address the issue of data loss caused by a disaster. Prior to the introduction of integrated disaster recovery and backup products, disaster recovery and backup systems were separate. The ultimate goal of disaster recovery and backup products is to assist businesses in dealing with human error, software error, virus invasion, hardware failure, natural disasters, and other issues.

Backup data on a regular basis to ensure business continuity. Only in this manner can the system be restored in time and business continuity ensured in the event of disasters or human errors.

How to choose an affordable and robust vm backup solution?

Vinchin Backup & Recovery allows you to recover the entire VM and all its data from any restore point (full backup, incremental backup, or differential backup) without affecting the original backup data. Backups that have been deduplicated or compressed can be recovered. It is an excellent solution for ensuring enterprise business continuity and minimising critical business interruptions caused by disaster or system failure.

You can also quickly validate backup data availability by instantly restoring the target VM to a remote location in a matter of minutes. Ascertain that, in the event of a true disaster, all VMs can be recovered and that the data contained within is not lost or damaged. Vinchin provides solutions such as VMware backup for the world’s most popular virtual environments, XenServer  backup, XCP-ng backup, Hyper-V backup, RHV/oVirt backup, etc.