DarkTracer questioned the reliability decline of the LockBit ransomware group, and LockBit responded by posting a ransom message targeting DarkTrace on its dark web blog

"ODN" found that after the dark web threat intelligence company DarkTracer questioned the reliability of LockBit ransomware gang's RaaS (Ransomware-as-a-Service) operation, LockBit ransomware gang unexpectedly posted ransomware information targeting cybersecurity company DarkTrace on its dark web blog. It seems that the ransomware gang confused DarkTracer with DarkTrace.

On April 12th, DarkTracer, a dark web intelligence company based in Singapore, questioned the reliability of the LockBit ransomware gang's ransomware information on Twitter. The tweet stated that the reliability of the RaaS service operated by the LockBit ransomware gang seems to have declined, and the gang seems to have become negligent in managing the service, as false victims and meaningless data have started to appear in the ransom list, which is unmanaged.

The attached screenshot in the tweet shows fake lists such as 1.com and 123.com, with the content being the repetition of these domain names. This means that false data appears in the ransom list but has no maintenance personnel to manage it.

What's funny is that on April 13th, the ransomware gang added cybersecurity company DarkTrace to its ransom list on its dark web blog, complete with the company's logo and stated in the details.

darktrace.com

I love dark trace, thanks for following the testing of my updates. In case you're very interested, what you've scraped is testing improvements to server-to-server communication,
Poppy, would you like to go to a restaurant with me? you sexy <3

All available data published !

According to Wikipedia, Darktrace is a British-American information technology company specializing in cybersecurity. The company was founded in 2013 and is headquartered in Cambridge, UK, and San Francisco, California, USA. It is listed on the London Stock Exchange and is one of the components of the FTSE 250 Index.

After being named on the LockBit ransomware group's leak website, Darktrace released a statement on Thursday.

"Earlier this morning, we became aware of a post from the cybercrime group LockBit claiming that they had compromised Darktrace's internal security and accessed our data. Our security teams have conducted a thorough review of our internal systems and have found no evidence of any compromise." Darktrace said.

"All LockBit social media posts have not linked to any compromised Darktrace data. We will continue to monitor this closely, but based on our current investigation, we believe our systems remain secure, and all customer data is fully protected." it added.

The statement was made after a post on the LockBit leak website seemed to suggest that the ransomware group had targeted Darktrace. The post claimed that Darktrace's data had been stolen, and the cybercriminals demanded a $1 million ransom.

It's clear that DarkTracer and DarkTrace are two different companies, and LockBit ransomware group seems to have confused the two!!! Darktrace doesn't appear to have been breached by LockBit, let alone targeted. Instead, the newly added entry on the LockBit leak website is apparently in response to a recent tweet by the Singaporean dark web threat intelligence company DarkTracer, which has nothing to do with Darktrace.

In fact, the LockBit ransomware group has been falsifying data for a long time, such as when they added Mandiant to their ransom list after the cybersecurity giant released a report stating that "a sanctioned affiliate of the long-running cybercrime group Evil Corp turned to using the LockBit 2.0 ransomware to evade sanctions imposed by the U.S. government in 2019". However, they never released any Mandiant files, proving that they were fabricating data.