A distributed denial-of-service (DDoS) attack appears to have brought down the LockBit ransomware operation’s leak website. The ransomware group appears to have published data obtained from security company Entrust. The Entrust breach was discovered on June 18, and consumers were notified on July 6. However, the intrusion was discovered on July 21, when a security researcher stumbled across a copy of the notification provided to consumers by Entrust.
Some analysts speculated at the time that Entrust had been infected with ransomware, but no group was named. However, on August 18, the LockBit gang claimed responsibility for the attack, threatening to disclose all of the stolen files in 24 hours unless Entrust paid a ransom.
A DDoS attack was launched shortly after the black hat hackers began posting the Entrust data on their Tor-based leak website. A string encouraging the cybercrime organization to remove the stolen Entrust data was included in the attack requests aimed at the LockBit website.
According to Cisco Talos researcher Azim Shukuhi, the crooks claimed to be receiving 400 requests per second from over 1,000 servers.
It is unclear who is responsible for the hack, but Entrust itself has been suspected. Beyond its first statement confirming the intrusion of HR, finance, and marketing systems, the security firm has not provided any updates on the situation. According to the corporation, there is no evidence that the operation or security of its products and services has been compromised.
In reaction to the incident, the cybercrime organization says it is improving its infrastructure to prevent itself from future DDoS attacks and is looking for alternate storage methods that will allow them to leak data even if its website is down. Furthermore, as part of a triple extortion scheme that includes file encryption, data leaks, and DDoS attacks, they want to conduct their own DDoS operations against victims.
