LockBit ransomware gang continues leaking data stolen from Thales, days after the French multinational company acknowledged a data theft but claimed that there had been no intrusion of its IT systems.
Thales designs, develops and manufactures electrical systems, devices, and equipment for the aerospace, defense, transportation, and security sectors globally. The company also offers cybersecurity services.
Lockbit 3.0 Ransomware Begins Leaking Thales Information
Lockbit ransomware on November 2 claimed to have stolen data from the company. The threat group launched the attack on October 31 and threatened the organization they’ll start releasing the data by November 7, 2022.
The data comprised private information about the employees, including their names and email addresses. With the addition of Lockbit 3.0 ransomware to the gang arsenal, the threat group has started releasing the company’s data.
Thales acknowledged on November 11 that the ransomware group has started releasing the company data on its leak site. According to the company, the data leak might have happened through the user account of a partner.
”At this stage, Thales is able to confirm that there has been no intrusion of its IT systems,” said the announcement, reiterating that there is no impact on the group’s operations and the company is providing the necessary technical support and resources to minimize any potential impact on customers and stakeholders.
As the gang has already started releasing some of the data packets, it could mean that the company might have refused to pay the ransom.
Thales and the recent cyberattacks
Thales has been the target of hackers for the last few months. This is the second LockBit attack on the company this year. The threat group initiated the first attack in January 2022 and followed the same method used in the recent attack. The company refused to pay the ransom in January.
Lockbit, then operating their 2.0 leak site, claimed responsibility for a cyberattack against the company on January 3. The company refused to pay the ransom, after which the ransomware gang exposed several hundred Zip files that contained internal tools, including computer code, for developers of Space Ops solutions from Thales Alenia Space, the space-exploration joint venture with Italian defense business Leonardo.
The Thales group then conceded that the data was exfiltration, most of which was copied from a code repository server “external to the group’s main information systems.