Russian-affiliated ransomware group Lockbit claims it has added nine new victims to its ever-growing list of scalps. One of them is said to be the Finance Department for the state of California.
The dark web threat allegedly posted by the group – which to date has claimed hundreds of high-profile organizations as victims – says data will be leaked if its demands are not met by December 24. However, the actual ransom demand was not specified by the analyst who publicized the attack on social media.
“Lockbit ransomware group added nine new victims,” cyber threat pundit Dark Feed, aka @ido_cohen2, posted on Twitter. “One of the victims is the Department of Finance of the State of California.”
At the time of publishing, Cybernews was unable to confirm the report, but another deep-web watcher, Falcon Feedsio, corroborated the Dark Feed claim, posting: "The Department of Finance, State of California, has been added to the list of victims by the Lockbit ransomware gang."
The rumor mill continued to churn after the initial Twitter announcement, with the social media platform playing host to subsequent claims that another threat actor, an initial access broker (IAB), was offering a way past the department's cyber defenses for $30,000 per breached server.
“Interesting that an initial access broker on telegram is allegedly selling access to the California department of finance at the same time as Lockbit claims to have hit it with ransomware,” tweeted Cyber Know. “Is their a connection between lockbit and this IAB?”
Cyber Know posted a screenshot of the 'sales pitch' from the dark web, which read: "We are selling low priv[ilege] access to this. At the moment we do have root access to this, but not much can be shared."
Cybernews has reached out to the Department of Finance in California for comment, but has yet to receive a response.
Your email address will not be published. Required fields are markedmarked