Read Time:2 Minute, 26 Second
LockBit ransomware gang is taking credit for a recent cyberattack against cybersecurity giant Entrust—but with an interesting twist.
LockBit, a prominent ransomware operation that’s previously claimed attacks on Foxconn and Accenture, took responsibility for the July cyberattacks by adding Entrust to its dark web leak site. The group claims that its latest attack victim turned around and actively participated in returning damage done by them.
Late last month, Entrust announced it had been attacked by an “unauthorised party” who accessed parts of its network. They declined to provide more details about this attack’s nature or extent (if any).
“We are aware of the situation and working diligently with law enforcement and cybersecurity experts to understand what happened and restore normal operations,” said an Entrust spokesperson.
A week later, the group behind LockBit ransomware announced they were behind this attack. They even posted a screenshot of what appears to be an Entrust server as proof.
The company describes itself as a global provider of identity verification, payment processing and data protection services for customers in the United States.
Entrust’s clients include some of the most prestigious companies in the US, including government agencies like the Homeland Security Department (HS), the Department Of Energy(DOE), and the Treasury department.
Entrust may have refused to meet the group’s ransom demands after all. But soon later, an apparent DDoS attack forced LockBit’s dark web leak site offline; and with it, any hope for information about what happened inside that company.
Azim Shukuhi, a security researcher at Cisco’s Talos cited a LockBit member going by the handle “LockbitSupp”, who claimed they received 400 requests per second from over 1,000 servers. It is still unknown who was responsible for launching this DDoS attack and whether or not their motives were connected to recent data publication negotiations between hackers on both sides of an ever-growing conflict.
The US government classifies offensive cyberattacks, such as launching DDoS attacks against unwilling participants in an attack or hackers “hacking back” to stop them from carrying out their crimes will be illegal under federal law. They could potentially fit the definition of “computer fraud.”
“Lockbit’ ‘s decision to publish data may have come as a surprise to some because it’s pretty common for ransomware gangs to offer victims the option to keep their data privacy in return for paying a ransom,” Shukuhi wrote. “The DDoS attack was launched by someone who wanted to prevent the data from being released publicly, but that’s just speculation at this point.”
As the situation develops, we will continue to provide updates as appropriate. In the meantime, we would like to remind our readers that no matter the circumstances, giving into ransomware demands only funds these malicious operations and puts you at risk of being targeted again in the future. The best course of action is to have regular backups of your data stored offline.
Happy
100 %
Sad
0 %
Excited
0 %
Sleepy
0 %
Angry
0 %
Surprise
0 %
0
0
