Heimdal
article featured image

Contents:

Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group.

The Dena cyberattack was revealed through a post on the threat actor’s dark web platform, where they disclose data breach incidents and add affected entities to their growing victim list.

ransom message lockbit dena, dark web

LockBit Ransomware’s Message (source)

Dena has previously faced the ALPHV ransomware group, but now faces a new threat from the LockBit gang, which has issued a menacing ultimatum with a December 26, 2023 deadline.

The threat actor claims to have launched an attack on the agency’s website.

Dena confirmed the cyberattack, but didn’t provide details

Dena confirmed the cyberattack on November 14. The press release from the time said it happened over the weekend before.

At the time, no one seemed to know who was behind the attack. Dena said it was “technically largely unable to work and could not be reached by telephone or email” soon after the attack.

On November 23, the agency issued a new statement saying that it could be reached by email and phone again, but that it could not rule out the possibility that data processed by its business contacts had been compromised as a result of the cyber attack.

Sensitive information, such as bank account numbers, may also be compromised. At the time, it was stated that the specific data that was leaked was still being investigated by a group of IT forensic experts, according to the German publication Golem.de.

The agency did not confirm that the attack was caused by ransomware.

The threat actor’s assurance that the compromised data will be published by the specified deadline heightens the gravity of the situation.

This looming deadline puts enormous pressure on Dena, but without confirmation of the breach from the organization, the threat actor’s claims remain suspect, explains The Cyber Express.

LockBit ransomware attacks, on the rise

Lockbit is one of the most active ransomware gangs in the world, and it has recently been responsible for several high-profile cyberattacks.

This year, hackers blackmailed China’s largest bank, the Industrial & Commercial Bank of China (ICBC), the British postal service Royal Mail, as well as airplane maker Boeing and chip manufacturer TSMC. Lockbit generally seeks several million US dollars as ransom.

LockBit has claimed to be the “Robin Hood” of ransomware groups, but their actions contradict that claim.

While the FBI has not explicitly linked LockBit to Russian origins, their public communications, which reflect a broadly anti-Western stance, imply affiliations with Russia and global affiliates.

Notably, the group advocates for the “ethical” use of ransomware, claiming that it does not target healthcare, education, charitable, or social service organizations.

The LockBit group not only recruits talent but also releases data from victims who refuse their demands via a dark web portal on The Onion Router (TOR) network. Adopting an unusual business model, the group assures victims that paying the ransom will result in the safe return of their data.

Table 1: Evolution of LockBit RaaS (CISA)

DateEvent
September 1, 2019First observed activity of ABCD ransomware, the predecessor to LockBit. [4]
January 1, 2020LockBit-named ransomware  first seen on Russian-language based cybercrime forums.
June 1, 2021Appearance of  LockBit version 2 (LockBit 2.0) , also known as LockBit Red including StealBit, a built-in information-stealing tool.
October 1, 2021Introduction of LockBit Linux-ESXi Locker version 1.0 expanding capabilities to target systems to Linux and VMware ESXi. [5]
March 1, 2022Emergence of  LockBit 3.0 , also known as LockBit Black, that shares similarities with BlackMatter and Alphv (also known as BlackCat) ransomware.
September 1, 2022Non-LockBit affiliates able to use  LockBit 3.0  after its builder was leaked. [ 2 ,  6 ]
January 1, 2023Arrival of LockBit Green incorporating source code from Conti ransomware. [7]
April 1, 2023LockBit ransomware encryptors targeting  macOS  seen on VirusTotal [ 8 ,  9 ]

If you want to learn more about Lockbit, read this dedicated article: LockBit Ransomware: Here’s what you need to know.

If you liked this piece, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE