Novel DARKVAULT gang targets US-based yoga company. BigToe Yoga offers in-home and private massage sessions and works with 5-star professionals. No further details are available from DARKVAULT’s original post.
While ransomware attacks are on the rise today, so too are the FBI’s efforts of containing the spread. The law enforcement agency has conducted multiple operations in an attempt to disable and dissolve major ransomware players over the past years.
The most notable one is Operation Cronos, which aimed to bring down the most notorious ransomware actor in the world: LockBit. But why is this relevant to this recent attack?
It’s relevant because many experts believe that DARKVAULT is simply LockBit’s attempt at rebranding itself. And the evidence is there to support the claim.
The first hint came when DARKVAULT made its presence known for the first time. Some have noticed glaring similarities between DARKVAULT’s launch blog and that of LockBit. That didn’t last long because DARKVAULT changed the blog’s theme shortly after.
This only confirmed what everybody was suspecting anyway; they realized their mistake and were now trying to cover it. The blog now bears no resemblance to LockBit’s, but something else has attracted people’s attention.
It’s the logo with the black cat sitting on the vault. So, what’s that about?
As experts have pointed out, the symbol of the black cat is a reference to the notorious ALPHV / BlackCat ransomware gang. This is another global player in the industry that fights for the first place in the business, alongside LockBit.
The 2 groups aren’t exactly on friendly terms, despite both having ties to the Russian cybercriminal underworld. So, while it hasn’t been proven beyond any reasonable doubt that LockBit is behind DARKVAULT, we are almost there.
But then the question comes: why? Why would LockBit attempt to rebrand itself? The answer is simple, and it includes the words “operation Cronos.” LockBit has been targeted by the FBI, along with other law enforcement agencies, numerous times in the past.
But it wasn’t until Operation Cronos that the US-based agency managed to actually breach LockBit and seize its assets. While the actor managed to bounce back days later and resume its activity, the conclusion was already clear: they were no longer impenetrable.
This means that DARKVAULT may be LockBit’s attempt at covering its tracks and losing some of the heat. The hackers are not naïve. There’s no denying that the FBI tasted blood and will, more likely than not, pursue that.
Embracing a new identity and rebranding their profile may be the perfect getaway scheme.
We believe security online security matters and its our mission to make it a safer place.