Triple extortion techniques are on the cards for the LockBit ransomware group, which has been seeking to bolster its defenses following a distributed denial-of-service attack allegedly conducted on behalf of digital security firm Entrust, which it had hacked in June, reports BleepingComputer.
While leaks of data belonging to Entrust have been temporarily halted by the DDoS attack, LockBit's public-facing figure LockBitSupp said that the operation has reemerged with a larger and more robust infrastructure that now includes DDoS among its extortion arsenal, which only previously included data encryption and leaks. "I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting," wrote LockBitSupp in a forum post. LockBitSupp added that the ransomware operation has already begun implementing unique links in victims' ransom notes in an effort to avert potential DDoS attacks, while more mirrors and duplicate servers, as well as increased stolen data availability are also being planned.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.