Press Release

April 14, 2023 11:42 AM

Updated statement regarding LockBit claims

Mike Beck, Chief Information Security Officer, Darktrace

We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.

Press Release

April 13, 2023 9:30 AM

Statement regarding LockBit claims

Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.


Press Release

Darktrace AI Stops Sophisticated Ransomware Attack at South African Financial Services Provider

Attackers Caught Using Email Credentials of C-Level Executives
Cambridge, UK
April 5, 2022
News coverage
News publication logo

Darktrace AI Stops Sophisticated Ransomware Attack at South African Financial Services Provider

April 5, 2022

Darktrace, a global leader in cyber security AI, today announced that its Autonomous Response technology, Antigena, successfully stopped an in-progress ransomware attack that recently targeted a financial services company in South Africa.

The company, a growing firm providing various financial services to customers across South Africa, was trialing Darktrace AI when it was targeted by a ransomware attack. The AI technology had formed a unique understanding of the company’s ‘normal’ behavior across its digital estate so it could spot the subtle signs of a threat and fight back at machine speed.

In the early morning hours in mid-March 2022, Darktrace AI detected that a mail server within the company was making unusual HTTP connections to an external endpoint, indicating communication with a malicious server on the Internet. Equipped with an understanding of the organization’s ‘normal’ operations, the AI instantly identified that this behavior was abnormal and potentially threatening.

The compromised mail server subsequently attempted to perform reconnaissance and lateral movement. Attackers were using 11 employees’ credentials during the incident, including those belonging to C-level executives. Following this, additional machines in the organization began communicating with the malicious external server.

Darktrace’s Autonomous Response technology then took action to interrupt further communication with the malicious server on the Internet across the organization, while allowing the previously learned, regular behavior of machines to continue. The response was targeted and proportionate, avoiding disruption to normal business operations. After the attack was contained, the company’s security team and dedicated Darktrace experts were able to conduct a full investigation to ensure that the attack was fully contained.

“The speed and scale of ransomware attacks today makes it absolutely critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process,” commented Max Heinemeyer, VP of Cyber Innovation, Darktrace. “It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene.”

About Darktrace

Share this article
More Darktrace news