Search
Close this search box.

LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data

Share:

Known as LockBit, the ransomware gang is claiming responsibility for hacking IT giant Entrust and leaking their files.

Entrust Corp. provides software and hardware used for banking and financial transactions, e-passport production, user authentication, trust certificates, mobile credentials, and connected devices.

LockBit claims responsibility for breach

Security researcher Dominic Alvieri reported that LockBit published an Entrust data publication page on their leak site and threatened to expose all stolen information the following night. 

The ransomware group attacked Entrust after purchasing access to the corporate network through “network access sellers.” 

LockBit’s Entrust leak page

LockBit’s threat to make all data public insinuates Entrust has not engaged or is unwilling to comply with LockBit’s demands.

LockBit’s Entrust leak page.
Source: SOCRadar

What has been leaked so far?

LockBit began revealing Entrust’s stolen data on August 9. Initially, screenshots were leaked that hinted at what would be next exposed.

Alvieri, who has been monitoring the breach, said accounting and legal files, as well as marketing spreadsheets, were exposed.

Entrust’s customers include a range of US government agencies, including the Department of Homeland Security, the Treasury Department, and the Department of Energy. It also includes insurance and financial companies as well as tech firms like VMware and Microsoft.

DDoS attack against LockBit

DDoS campaigns are designed to disrupt the normal operations of a website by overwhelming it with a flood of internet traffic or messages.

The LockBit sites went offline after the data began leaking. Ransomware actors claimed the attack was a DDoS attack related to their dispute with Entrust.

While the perpetrators of the DDoS attack remain unknown, a LockBit member told Bleeping Computer that the attack “began immediately after the publication of data and negotiations”.

He also separately told malware research group VX-Underground that he believed the attack was launched by someone connected to Entrust, referencing junk internet traffic that said “DELETE_ENTRUSTCOM_MOTHERFUCKERS.” 

How to mitigate a privilege access attack

Experts in security and network maintenance are advised to stay informed of threat actors’ developments and tactics, as well as monitor software and firmware updates.

Reviewing accounts and privileges can significantly reduce risk of attacks, by removing accounts or privileges that are no longer needed. Make sure all digital assets are visible by implementing security measures and establishing a specialised SOC Management team. Make sure you have a backup plan in case of cyber-attacks, including ransomware.

Picture of Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions
Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →