In an interesting development of where a victim may have become the attacker, an apparent distributed denial of service (DDoS) attack forced ransomware group, LockBit’s dark web leak site offline.

While LockBit took credit for taking down security provider, Entrust, in July, no one is taking credit for the DDoS attack. However, LockBit is saying Entrust is the culprit behind the DDoS attack. To that end, there is no proof Entrust is behind the attack.

Minneapolis, MN-based security provider, Entrust, admitted in July it suffered a cyberattack in June where some data ended up stolen. Entrust provides security solutions for user and machine identities, payments, and digital infrastructure.

Todd Wilkinson, Entrust president and chief executive said in a statement, “I am writing to let you know that on June 18, we learned that an unauthorized party accessed certain of our systems used for internal operations. We have been working tirelessly to remediate this situation since that moment.”

Schneider Bold

Azim Shukuhi, a security researcher at Cisco’s Talos, said Saturday on Twitter a LockBit member going by “LockBitSupp,” said “someone is DDoSing the Lockbit blog hard right now. I asked LockBitSupp about it and they claim that they’re getting 400 requests a second from over 1000 servers. As of this writing, the attack appears to be active. Lockbit promised more resources & to ‘drain the ddosers money.’”

Meanwhile, the drama continued as security researcher, Soufiane Tahiri on Monday found a chat log between Entrust and LockBit showing the negotiations for a ransom payment.

“From the chat log timestamps, the negociations started two months ago (29/06) and for some reason, after offering 1M$ (saving time?), Entrust stopped negociating the 13/07. FYI:Tha initial ransom was 8M$ than dropped to 6,8M$,” Tahiri tweeted.

The same LockBit member told malware research group VX-Underground on Sunday they believed the attack was launched by someone connected to Entrust, referencing junk Internet traffic that said “DELETE_ENTRUSTCOM_MOTHERFUCKERS.”

ISSSource

Pin It on Pinterest

Share This