The dark web monitoring team of iZOOlogic have recently spotted a data leak operation performed by the LockBit ransomware group following their release of critical files from an Indian consultancy firm, Teknowsource.
Teknowsource is one of India’s management consultancy firms, intending to help organisations run their commercial operations. The firm’s services include staffing and payroll, assisting in setting up office infrastructures, acquiring business licenses, and providing compliance management and liaison services.
As seen from LockBit’s data leak site, they initially uploaded a partial of Teknowsource’s data last December 20, 2022, with a deadline threat of January 10, 2023, in which the company’s entire stolen database would be leaked should they refuse to cooperate with ransom demands.
The Indian consultancy firm, Teknowsource, might not have paid LockBit ransomware’s demands– thus, the data leak.
It seemed like the Indian consultancy firm had reached the ransomware group’s established deadline without engaging with the ransom demands. On January 10, LockBit finally leaked Teknowsource’s stolen database on their leak site at 3:47:52 UTC.
According to our dark web monitoring team’s assessment, the ransomware group had leaked the firm’s corporate databases, consisting of website source code, a list of accounts owned by numerous telecommunication firms globally, and transaction invoices. This released information is now available for download to any actor interested in acquiring Teknowsource’s data.
Before releasing the consultancy firm’s data, the LockBit gang offered options for the company to evade the looming leak. These offers included $10,000 as the cost to extend the deadline by 24 hours and $75,000 as the cost to destroy all stolen information.
LockBit also offered a cost of $75,000 to any actor, the victim company included, interested in downloading Teknowsource’s data at any moment before the deadline.
The victimised company have yet to share any statement concerning the data leak incident.
Since they are one of the most active and prolific ransomware groups in the wild, cybersecurity experts have long warned organisations to be extremely cautious against potential attacks from the LockBit gang.
The most recent known activity from LockBit was on December 31, 2022, when they apologised to the Hospital for Sick Children (SickKids) and handed a free data decryptor, coming from a violated rule of one of their members for attacking a healthcare institution.
