Press Release
Updated statement regarding LockBit claims
We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.
Press Release
Statement regarding LockBit claims
Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.
Press Release
Leading Multinational Technology Manufacturer Stops Babuk Ransomware with Darktrace AI
Leading Multinational Technology Manufacturer Stops Babuk Ransomware with Darktrace AI
Darktrace, a global leader in cyber security AI, today announced that a leading multinational technology manufacturer successfully interrupted Babuk ransomware with Darktrace’s Autonomous Response technology, Antigena.
Headquartered in Asia, the company designs and manufactures technology solutions that facilitate the adoption of smart medical devices as well as electric and autonomous vehicles and is a key industry player.
The organization was using Darktrace’s detect, respond and investigate capabilities. The Self-Learning AI forms a constantly evolving understanding of both IT and operational technologies at the company, allowing it to identify the subtle, emerging signs of cyber-threats in real time.
In the early hours of the morning, Darktrace AI detected that a device within the business was behaving abnormally; it was performing network scanning and making unusual connections with other internal devices. The AI not only noted this behavior as out-of-the-ordinary but as malicious.
The algorithms then calculated the best action to take to autonomously contain the in-progress attack and blocked the infected device from making further connections while allowing normal business operations to continue – both in the office and on the manufacturing floor. These algorithms work by enforcing the normal ‘patterns of life’ for compromised users and devices. This proportionate and highly targeted response is possible because of the AI’s continually evolving understanding of what ‘normal’ looks like at a granular level for each part of the company’s digital ecosystem.
In post-compromise analysis conducted by the AI, it was found that the device was attempting to distribute files involving ‘babyk’ extensions.
Babuk, a double-extortion ransomware threat discovered in 2021, is a sophisticated campaign that has actively targeted high-value organizations around the world. Operators have inflicted damage not only by encrypting files and crippling systems, but also threatening to leak sensitive data if ransom payment is not received.
The attempted attack follows warnings from government agencies about a global rise in cyber-threats, particularly those targeting critical infrastructure and organizations embedded in global supply chains. Ransomware attacks, such as those above, are effective ways for nation states to carry out espionage, disrupt society and flex their muscles on a global stage.
“Babuk ransomware began its life as a Ransomware-as-a-Service (RaaS) tool, but since its source code was leaked in July, it has been adopted by a number of cyber-criminal groups to be used in different ways,” commented Toby Lewis, Head of Threat Analysis, Darktrace. “These attacks often strike out of hours and so it has never been more critical that defenders of critical infrastructure are using artificial intelligence to allow their organizations to self-defend against advanced threats.”