French defense firm denies ransomware attack after leak site posting

UPDATE: A Thales spokesperson said the company's experts have not identified any publication of data after LockBit claimed it would leak stolen data on November 7.

"They are carefully monitoring the situation and the Group remains vigilant with regard to any data release. Thales reiterates that the Group has not identified any trace of impact on — nor intrusion into — its information systems. Besides, Thales has not received any authentic ransom notification," the spokesperson said.

"We remain attentive towards any allegations of data theft, Thales cybersecurity experts are fully mobilized, as data protection is our utmost priority."

PREVIOUSLY: French defense and technology firm Thales has denied it was hit with ransomware after a hacking group threatened to leak data stolen from the company. 

A spokesperson for Thales confirmed that they were aware that the LockBit ransomware group  announced plans to release the data on Nov. 7 in a post on Monday on its leak site. But the company said it has found no evidence that it was ever attacked by the group. 

“Thales has not identified any trace of impact on — nor intrusion into — its information systems. Besides, we have not received any direct ransom notification,” the spokesperson told The Record. “A dedicated team of security experts systematically investigates this type of situation. We carefully monitor every allegation related to data theft as security of data remains our key priority.”

#lockbit has posted #thales group as a victim... This is the second time after lockbit posted them in 2021#cybersecurity #infosec #ransomware pic.twitter.com/F2As8ee0Ip

— CyberKnow (@Cyberknow20) October 31, 2022

A Thales spokesperson added that though they have not been contacted with any ransom demands, they have notified ANSSI, the government's national cybersecurity agency.

Researchers have linked more than 1,029 attacks to LockBit since the group began its operation in 2019. The group was considered a marginal player until last year when it launched LockBit 2.0, a new version of its ransomware-as-a-service platform.

The group revamped again, launching LockBit 3.0 this summer and supplanting Conti as the most prolific criminal organization. The gang had at least 68 victims in August, including a crippling attack on a hospital about an hour southeast of Paris last month that disrupted its medical imaging, patient admissions, and other services. 

About one-third of ransomware attacks targeting industrial systems in the second quarter were attributed to LockBit, according to cybersecurity firm Dragos.