The LockBit ransomware gang claims responsibility for the July cyberattack against cybersecurity giant Entrust, but with a twist: the group also accuses its latest victim of a counterattack.
Entrust, which describes itself as a global leader in identity, payments and data protection, said in late July that an “unauthorized party” had accessed parts of its network, but declined to describe the nature of the attack or say whether customer data was stolen. Entrust’s clients include a number of US government agencies, including the Department of Homeland Security, the Department of Energy and the Treasury Department.
On Friday, LockBit, a popular ransomware operation that previously announced attacks on Foxconn and Accenture, claimed responsibility for the July cyberattack by adding Entrust to its dark web leak site. This weekend, the gang began leaking internal company data, suggesting that Entrust may have refused to meet the group’s ransom demands.
But soon, an apparent distributed denial of service (DDoS) attack forced LockBit’s dark web leak site offline.
Azim Shukuhi, a security researcher at Cisco’s Talos, quoted a LockBit member going by the handle “LockBitSupp” who claimed the site was getting “400 requests per second from over 1,000 servers.” While the authors of the DDoS attack remain unknown, the same LockBit member told Bleeping Computer that the attack “began shortly after the release of the data and negotiations,” and separately VX-Underground’s malware research team said they believe the attack was carried out by someone affiliated with Entrust, citing spam internet traffic that says “DELETE_ENTRUSTCOM_MOTHERFUCKERS.”
LockBit’s website remained largely unavailable on Monday, but briefly showed a message warning that the gang plans to upload the stolen Entrust data to peer-to-peer networks, making it nearly impossible to remove the data.
TechCrunch asked Entrust to confirm or deny any information about, or any link to, the DDoS attack. Ken Kadet, Entrust’s vice president of communications, declined to respond to multiple emails sent before publication.
Offensive cyberattacks, or “countermeasures” against cybercriminals such as DDoS attacks against unwilling participants, are illegal under US law and may be classified as a federal criminal offense under the Computer Fraud and Abuse Act. Hacking back has been hotly debated for years as a possible alternative to protect U.S. companies from international threats, though critics say allowing private companies to engage in cyberwarfare risks escalating diplomatic tensions and destabilizing state-to-state relations.
Or, as one security researcher puts it: “The idea that a cybersecurity company would DDoS around itself would set a dangerous precedent. [sic]”