August 22, 2022, updated 23 Aug 2022 3:50am

LockBit ransomware group targeted with DDoS attack after Entrust data leak

The prolific cybercrime gang has seen its servers knocked offline in a sustained attack.

By Matthew Gooding

Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year.

The DDoS attack on LockBit’s dark web server, which hosts leaks from companies the gang has attacked, began yesterday. According to security researcher Azim Shukuhi of Cisco Talos, the gang has been receiving “400 requests a second from over 1,000 servers”.

The perpetrator of the DDoS attack is unknown, and though LockBit’s server was briefly back online earlier today, at the time of writing, it remains down.

Why is LockBit experiencing a DDoS attack?

Thought to be based in Russia, LockBit is now in its third incarnation, known as LockBit 3.0, having undergone several rebrands since it was first spotted in 2019.

It has been one of the most active ransomware groups this year, according to a report from Digital Shadows, which says it accounted for 32.88% of all incidents involving data being posted to ransomware leak sites in Q2, with 231 victims.

Recent victims have included French mobile phone network La Poste Mobile and electronics manufacturer Foxconn. On Friday the gang said it was behind the June attack on Entrust, which provides digital identity and security services to businesses, and that it planned to publish all stolen data online. Over the weekend, it began to leak information purportedly from the breach, and this seems to have triggered the DDoS attack that has taken down the group’s platform.

Data seen on the leak site before it went offline appeared to consist of accounting and legal documents and marketing spreadsheets from Entrust.

What happened in the Entrust ransomware attack?

As reported by Tech Monitor, Entrust, which provides digital ID services to tens of thousands of companies around the world, admitted a breach of its systems which began in June. At the time, Yelisey Boguslavskiy, head of threat research at security company AdvIntel, said the incident was likely to be the work of a “top tier” hacking gang.

Though it admitted the incident took place, Entrust said it had “found no indication to date that the issue has affected the operation or security of our products and services, which are run in separate, air-gapped environments from our internal systems”, but said it was working with a cybersecurity vendor and law enforcement agencies to investigate further.

LockBit is threatening to leak the entirety of the stolen data, suggesting any ransom demand made of Entrust has not been paid. Tech Monitor has contacted Entrust for comment.
