LockBit ransomware accuses Entrust for DDoS attacks against leak sites and showed proof that may make you smile also
A distributed denial-of-service (DDoS) attack that appears to have been undertaken in retaliation to the cybercriminals disclosing data they had obtained from security firm Entrust has put the leak website of the LockBit ransomware operation offline. Entrust began notifying consumers about the incident on July 6, after it was detected on June 18. The attack was finally discovered on July 21 when a security researcher found a copy of the customer notification that Entrust had sent out.
At the time, some researchers claimed that Entrust had probably fallen prey to ransomware, but no specific group was mentioned. However, the LockBit gang claimed responsibility for the hack on August 18 and threatened to release all of the stolen material in a 24-hour period if Entrust did not pay a ransom.
The Tor-based leak website of the black hat hackers was subjected to a DDoS attack shortly after they began distributing the Entrust data. A line requesting the cybercrime gang to remove the stolen Entrust data was part of the attack requests sent to the LockBit website.
According to VX-Underground when they asked the Lock bit Ransomware group how they know its entrust who is doing the DDoS attack. The ransomware group then shared the screenshot showing the proof with a line of code Delete_Entrust_Motherfuckers. However, this didn’t go well with the group and now finally the data is being distributed to the breach forums by the group.
Lockbit ransomware group ransomed Entrust. Following the breach, Lockbit ransomware group was hit with a massive DDoS attack – taking them offline for several days. Entrust data is now being distributed on the infamous clearnet forum Breached.
We've seen that photo before! 😂 pic.twitter.com/V5P5oysst1
— vx-underground (@vxunderground) August 25, 2022
The cybercrime group has responded to the incident by stating that it is improving its infrastructure to defend it against additional DDoS attacks and that it is looking for alternate storage options that should enable data leakage even if its website is down. In addition, as part of a triple extortion scheme that combines file encryption, data leaks, and DDoS attacks, they want to conduct their own DDoS attacks against victims.