LockBit ransomware gang knocked offline after publishing stolen Entrust data


Infamous ransomware gang LockBit has had its leaks site knocked offline in a distributed denial of service attack, with the gang blaming cybersecurity company Entrust Corp. for the attack.

Bleeping Computer reports that the leak site was knocked offline in a DDoS attack over the weekend and that LockBit had received a message telling it that the attack would stop if it removed data stolen from Entrust.

The attack on Entrust, which counts among its clients Microsoft Corp. and VMware Inc., occurred in June with the company admitting to the theft of data on July 28. Entrust described the attack as involving an unauthorized party accessing certain systems used for internal operations but not affecting its products in identity and access management, identification and passport issuance, payments, cloud security and data processing.

Entrust did not disclose the form of the June attack. It was believed at the time that a ransomware attack was likely involved, and as it turned out, the LockBit ransomware gang subsequently claimed credit for the attack.

The DDoS attack on LockBit was first detected on Saturday night, with Azim Shukuhi, a cybersecurity researcher with Cisco Systems Inc.’s Talos threat intelligence group, providing details on Twitter.

The timing of the attack appears to be more than a coincidence. LockBit first started leaking stolen data from Entrust on Friday night. The initial leak included 30 screenshots of allegedly stolen data from Entrust, including legal documents, marketing spreadsheets and accounting data.

A spokesperson for LockBit also provided a screenshot of the attack, showing data packets that included a message to delete the stolen data followed by an expletive.

Previous LockBit attacks include those on Accenture PLC and Bangkok Airways Public Company Ltd. The gang typically undertakes double-tap ransomware attacks that involve the encryption of data and a threat to publish stolen data if a ransom is not paid.

It has not been disclosed whether a ransom payment was demanded from Entrust, but presuming one was, the decision by LockBit to start publishing the stolen data would indicate that Entrust did not pay the amount requested. Previous LockBit ransom demands from victims have ranged up to $50 million to be paid in cryptocurrency.

A successful attack on a cybersecurity company is never a good look, and Entrust’s delay in revealing the attack also contributed to negative press. Entrust has every right to be angry about being attacked, and no one will shed a tear over LockBit itself now being attacked. However, if Entrust is behind the DDoS attack as LockBit alleges, it does raise ethical considerations as to whether a cybersecurity company should be using DDoS attacks in retaliation for a breach, let alone whether doing so is legal.
