View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 22, 2022updated 23 Aug 2022 3:50am

LockBit ransomware group targeted with DDoS attack after Entrust data leak

The prolific cybercrime gang has seen its servers knocked offline in a sustained attack.

By Matthew Gooding

Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year.

The DDoS attack on LockBit’s darkweb server, which hosts leaks from companies the gang has attacked, began yesterday, and according to security researcher Azim Shukuhi, of Cisco Talos, the gang has been receiving “400 requests a second from over 1,000 servers”.

The perpetrator of the DDoS attack is unknown, and though LockBit’s server was briefly back online earlier today, at the time of writing, it remains down.

Why is LockBit experiencing a DDoS attack?

Thought to be based in Russia, LockBit is now in its third incarnation, known as LockBit 3.0, having undergone several rebrands since it was first spotted in 2019.

It has been one of the most active ransomware groups this year, according to a report from Digital Shadows, which says it accounted for 32.88% of all incidents involving data being posted to ransomware leak sites in Q2, with 231 victims.

Recent victims have included French mobile phone network La Poste Mobile, and electronics manufacturer Foxconn, and on Friday the gang said it was behind the June attack on Entrust, which provides digital identity and security services to businesses, and it said it planned to publish all stolen data online. Over the weekend, it began to leak information purportedly from the breach, and this seems to have triggered the DDoS attack which has taken down the group’s platform.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Data seen on the leak site before it went offline appeared to consist of accounting and legal documents and marketing spreadsheets from Entrust.

What happened in the Entrust ransomware attack?

As reported by Tech Monitor, Entrust, which provides digital ID services to tens of thousands of companies around the world, admitted a breach of its systems which began in June. At the time, Yelisey Boguslavskiy, head of threat research at security company AdvIntel, said the incident was likely to be the work of a “top tier” hacking gang.

Though it admitted the incident took place, Entrust said it had “found no indication to date that the issue has affected the operation or security of our products and services, which are run in separate, air-gapped environments from our internal systems”, but said it was working with a cybersecurity vendor and law enforcement agencies to investigate further.

LockBit is threatening to leak the entirety of the stolen data, suggesting any ransom demand made of Entrust has not been paid. Tech Monitor has contacted Entrust for comment.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: LockBit claims Mandiant hack to distance itself from Evil Corp

Homepage digital identity image courtesy anyaberkut/iStock

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.