
Lockbit vs Entrust: Ransomware Gang Blames Security Company for DDoS Attack

The LockBit ransomware gang is blaming the cybersecurity company Entrust for initiating a DDoS attack (distributed denial of service attack) on its data leak website.

Published August 26, 2022

After the notorious LockBit ransomware gang’s data leak website was hit by a DDoS attack (distributed denial of service attack), the group blamed cybersecurity company Entrust for the strike, since Entrust had been the victim of an attack initiated by the group in June 2022.

Sources state that the attack was in retaliation for the group’s recent intrusion into the cybersecurity company. However, Entrust did not publicly disclose the name of the perpetrator behind the attack.

An attempt at retaliation

On June 18, 2022, Entrust suffered a cyberattack from an unknown threat actor. The firm notified its users about the incident the following month and publicly announced the breach on July 21, 2022. The intrusion was classified as a “ransomware attack,” but the offender’s name was not revealed in the public announcement.

However, on August 8, 2022, the LockBit ransomware gang announced that it was behind the data breach at Entrust. In its claim, the gang confirmed that it had demanded a ransom from the security company, threatening to leak 30GB of stolen data on the internet otherwise.

According to cybersecurity researcher Soufiane Tahiri, who accessed a copy of the communication between LockBit and Entrust, the attacker demanded $8 million in ransom but later reduced it to $6.8 million. However, the security company offered to pay only $1 million.

LockBit’s DDoS attack: what went wrong?

Since the negotiation over the extortion amount didn’t go as planned, the ransomware gang began publishing small chunks of the stolen data on the internet. As soon as it started, its Tor-based website was hit by a DDoS attack that made the website inaccessible.

Several cybersecurity specialists, including Cisco Talos researcher Azim Shukuhi, received information about LockBit’s statement, in which the group claimed to have received over 400 requests per second from over 1,000 servers, pressuring it to delete the stolen data.

However, although the attack referenced the name “Entrust” multiple times, it is still unclear who launched it, as the website (LockBit 3.0) is currently offline.

The LockBit gang has promised to retaliate against the attackers who used DDoS on its website and tweeted that it will use a triple extortion model, a popular extortion strategy among cybercriminals, in its next attack, which will be carried out after it recruits more members.

To protect itself from counterattacks, the hacker group has also announced that it will include randomized payment links in its ransom notes so that victims won’t be able to use DDoS again.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.