If you believe the screenshots and the ZIP files provided, then LockBit has published the data captured from the weapons manufacturer Thales – or at least parts of it. Thales has not yet released an official statement on the hack.
On the Lockbit leak page, the hackers show several screenshots that are said to come from the captured data from the weapons manufacturer Thales. Site plans of military installations can be seen, as well as the structure and equipment of a building with radar, radio towers and offices - right down to the mobile toilet. The other images also show diagrams or lists. Thales logos and lettering can be seen again and again on the screens, but of course this is not to be seen as proof of authenticity.
Selling the data via the dark web?
If LockBit has the data, there should be increased interest in it on the dark web. LockBit currently distributes all data or only a small part of the data via its leak page. There you will find a file called “screenshots-thalesgroup” and a ZIP file “thalesgroup.com-Files-Attack(2).zip”. The data could even be downloaded. But what is really in it would have to be examined by experts for authenticity. After all, the archive is 9,5 GB in size. There could be many documents and screens included. Of course, it is not recommended for anyone, except experts and prosecutors, to download this data, as doing so could also result in criminal prosecution.
LockBit remains threat #1
The LockBit hacker group is currently the number 1 most dangerous hacker group. It's been like this for months Malwarebytes ransomware and malware report. The number of registered and unfortunately often successful attacks is sometimes 4 times as high as in No. 2. And it doesn't look like LockBit wants to take its foot off the gas. On the contrary: parallel to Thales, LockBit also stole a lot of data from Continental. According to the chat log, it is said to have been 40 TB of data – 4.000 times more than Thales!
Continental and Thales don't pay
Since LockBit published the data, Thales and probably also Continental did not pay the ransom. At Continental, that was $50 million. Apparently Thales didn't officially ask for a ransom but wanted to help plaintiffs against Thales. The requirement is quite confusing. The following text can be found on the leak page: “As for customers, you can contact the relevant organizations to consider legal action against this company, which has grossly neglected the rules of confidentiality. We are at your disposal to give you our best.” But nobody will sue Thales with LockBit as a witness.