- The LockBit ransomware group breached Entrust’s servers, conducted a ransomware attack, and stole data.
- After negotiations between LockBit and Entrust failed, the ransomware group decided to leak the stolen data on its Tor website.
- When the group published the stolen data, LockBit’s Tor website came under a DDoS attack; the group obviously thinks Entrust is behind it.
In late July, LockBit, one of the biggest ransomware operators, breached Entrust, a payment, identity, and data protection service provider. The malicious actors conducted a ransomware attack and stole data from Entrust’s servers. They demanded $8 million to decrypt the data and not leak what they had stolen.
LockBit's demand later dropped from $8 million to $6.8 million. Despite the discount, the negotiations failed, and the group decided to leak the stolen data. Last Friday, the 19th of August, LockBit began leaking the data on its Tor website. At the same time, that website came under a DDoS attack and went offline. The DDoS attacks carried a message as well, which can be seen in the Tweet below:
Lockbit: "We're being DDoS'd because of the Entrust hack"
vx-underground: "How do you know it's because of the Entrust breach?"
— vx-underground (@vxunderground) August 21, 2022
The LockBit group obviously thinks Entrust conducted this DDoS attack, and gave the following statement to BleepingComputer:
« DDoS attacks began immediately after the publication of data and negotiations, of course, it was them, who else needs it? In addition, in the logs, there is an inscription demanding the removal of their data. »
If Entrust really conducted a DDoS attack on LockBit’s Tor website, it might be the first legitimate company to counter-attack the hackers by illegal means. However, the attacks might have been conducted by another person or organization that could be negatively affected by the data leaks. Entrust has not yet made any statement about the DDoS attacks.
LockBit operators have decided to publish the leaked data via torrents.