DDoS attack against LockBit ransomware pinned on Entrust

BleepingComputer reports that the LockBit ransomware gang has been impacted by a distributed denial-of-service attack that has shut down its data leak sites during the weekend, which the ransomware operation attributes as a retaliatory attack by Entrust after it had stolen and leaked data from the digital security provider. Entrust first confirmed being hit by a cyberattack in June, which was affirmed by LockBit last week, with the ransomware gang commencing the exposure of stolen data, including accounting files, marketing spreadsheets, and legal documents, on Friday. However, LockBit's Tor data leak sites were found to be unavailable immediately after the leaks began as a result of a DDoS attack, with LockBit ransomware representative LockBitSupp noting that Entrust-linked actors may have been behind the intrusion. Such a DDoS attack, which Cisco Talos researcher Azim Shukuhi said reached 400 requests per second from more than 1,000 servers, has prompted LockBit to threaten the uploading of all stolen files as a torrent. However, cybersecurity experts said that a cybersecurity firm dealing with hackers through a DDoS attack would be unprecedented. "I believe this is somehow backed by Entrust at the moment but not another group attacking both. The only group with an interest in attacking both would be the feds or gov entities," said security researcher Dominic Alvieri.