A notorious ransomware gang, LockBit, suspects IT giant Entrust is behind a recent DDoS attack that knocked LockBit's data leak site offline.
Entrust Corp, which provides software and hardware used for financial card issuance and e-passport production, among other products and services, was hit by a ransomware attack on June 18, 2022.
Cybersecurity researcher Dominic Alvieri obtained and published Entrust CEO Todd Wilkinson's notice sent to Entrust customers, saying that an unauthorized party accessed certain parts of their systems used for internal operations.
Later, the LockBit ransomware gang took responsibility for the hack and has threatened to leak the stolen files.
Another security researcher, Soufiane Tahiri, concluded that the negotiations between LockBit and Entrust started on June 29 and, judging from the timestamps, Entrust stopped negotiating on July 13. The initial ransom demand was $8 million and was later lowered to $6.8 million.
"I believe the company wanted to keep it quiet during negotiations and quickly settle after notifying customers. When the cyber incident was exposed they just stopped negotiating," Dominic Alvieri told Tahiri in a thread.
Over the last couple of days, we saw another twist in the story. LockBit was hit by a distributed denial of service (DDoS) attack that forced its data leak site offline.
HTTPS requests sent by the attackers led security researchers to presume that the DDoS attack is related to Entrust.
"LockBit ransomware group, unable to sustain the current DDoS attack they're under, temporarily placed a message on one of their Tor domains asking for assistance hosting and/or torrenting Entrust files," the security research group VX-Underground said.