Hundreds of victims hit by Lockbit in three weeks

Dutch article here, it has a translate to button

Hide payloads in malicious DNS record

anything we can (need to) do about this?

I don't see anything in that article that details exactly what they mean by "malicious".

But the only thing I can see that would be helpful is to use a list that has the C2 domains on it.