In July, Entrust, a Minneapolis-based cybersecurity behemoth, acknowledged that it had been the target of a cyberattack the previous month. On June 18, an “unauthorized entity” gained access to systems Entrust uses for internal operations and stole data from its network.
The breach came to light on July 6, when cybersecurity researcher Dominic Alvieri disclosed a letter addressed to Entrust clients informing them that some files had been stolen from its internal servers. The letter did not make clear whether the stolen files related to Entrust itself or to one of its clients. The company claimed at the time that its products and services were operated in distinct environments, air-gapped from its internal systems.
Now, in a shocking turn of events, the LockBit ransomware group has claimed responsibility for the cyberattack and is also accusing Entrust of a counterattack. According to Azim Shukuhi, a researcher at Cisco Talos, the DDoS attack on LockBit’s servers had “400 requests per second from over 1000 servers.”
LockBit came clean last week and began leaking the stolen data. The leak purportedly comprised 30 screenshots of data from Entrust, including marketing spreadsheets, legal papers, and financial information. Soon afterwards, however, the Tor data leak websites belonging to the LockBit ransomware operation were taken down over the weekend by a DDoS assault that ordered the gang to delete the data purportedly stolen from Entrust. Security research organization VX-Underground soon learned from LockBitSupp, the public-facing representative of the LockBit ransomware operation, that the Tor sites were being attacked by someone they thought to be affiliated with Entrust. The claim was supported by the HTTPS requests themselves: the attacker had placed a message to LockBit in the browser user agent field, instructing it to erase Entrust’s data.
In response to the attack, LockBit’s data leak sites now display a statement warning that the ransomware gang intends to upload all of Entrust’s data as a torrent, making it nearly impossible to remove. In addition, the attackers told security researcher Soufiane Tahiri about alleged conversations between Entrust and the ransomware group. According to this communication, the ransom demand was first set at $8 million but eventually decreased to $6.8 million. Initially, the gang set the ransom payment deadline for August 19.
According to a report from Digital Shadows, LockBit was one of the most active ransomware organizations this year, with 231 victims, accounting for 32.77% of all second-quarter incidents in which data was posted to ransomware leak sites. LockBit had more than three times as many victims as any other group. Among the most recent victims were the French mobile phone provider La Poste Mobile and the electronics giant Foxconn.
LockBit first appeared in September 2019 and was known as the “.abcd virus.” The nickname referred to the file extension used when encrypting a victim’s data. In June, the group published LockBit 3.0, the most recent iteration of its ransomware. This version includes a bug bounty program, offering payments ranging from $1,000 to $1,000,000 to anybody who provides exploits, personal information on potential victims, knowledge about high-value targets, or suggestions for enhancing the gang’s activities. LockBit revealed that some of its dark web stores now accept Zcash payments. The group also added that anybody can now purchase the stolen data, and that victims can pay the gang to delete the data or to extend the ransom payment date. LockBit has also unveiled a new strategy in which targets would be attacked using a triple extortion model, which builds on the double extortion method that has become increasingly popular in recent years.