LockBit 3.0 ransomware group asserted that it had stolen data from the French defense and technology group Thales. Thales is a global high-tech leader with over 81,000 employees worldwide.

The Group invests in digital and deep tech innovations such as cybersecurity, artificial intelligence, big data, connectivity, and quantum to contribute to the development of modern-day societies.

Making the headlines

Thales confirmed that they are aware of the LockBit gang's claims to have stolen some of its data.
  • The Lockbit group added Thales to the list of victims on October 31. After carrying out the Thales Group ransomware attack, the Lockbit gang is now threatening to publish stolen data by November 7.
  • If the company does not pay the ransom, they might have to face the consequences, according to the Lockbit group.
  • As of now, the Lockbit gang has yet to publish any samples of the alleged stolen data.
  • Thales stated that it has not received any direct ransom notification from the gang.

The company has launched an investigation into the alleged Thales group ransomware attack that led to a security breach and has also notified the French ANSSI national cyber security agency.

The company has yet to file an official complaint with the police.

The rise in LockBit’s activities

  • Researchers from DarkFeed found that out of 230 victims, 103 were amassed by LockBit affiliates in just September.
  • The cybercrime underworld's most active gang in Q2 2022, according to a report by Digital Shadows, was LockBit, which also held the record for the most victims (231) in a quarter.
  • In total, LockBit has claimed 1,157 victims (during its career), far more than the ransomware gangs Conti (900), Hive (192), and BlackCat (177) combined.

Recent incidents

  • Kingfisher Insurance, a British insurance provider, was most recently mentioned on LockBit's leak site. It claimed to have stolen 1.4 TB of data, including customer and employee personal information.
  • Oomiya, a Japanese tech company, had its data stolen by a LockBit 3.0 ransomware offshoot, who then threatened to release the information if the company didn't pay the requested ransom.
  • Microsoft Exchange servers were used earlier this year to spread the LockBit ransomware via an unreported zero-day weakness.


Over time, LockBit RaaS has become a dangerous threat. Given that the bad actors only require a few minutes to enter the system, what happened to Thales could happen to any corporation if they don’t review their defenses with time and upgrade if needed. The companies are advised to employ proactive security measures such as real-time threat intelligence sharing to keep themselves safe.
Cyware Publisher