Ransomware, Breach, Threat Management

LockBit ransomware group creates leak site after claiming June hack of Entrust

A screen image of a ransom site made in 2021 by the LockBit ransomware group is seen. (Image provided by Recorded Future)

The LockBit ransomware gang has apparently created a leak site after claiming responsibility for a hack of Entrust in June.

As reported by Bleeping Computer, the ransomware group is one of the most active at the moment and data leaks over time are often a tactic to get firms back to the negotiating table. The group is threatening to leak all of the data it stole from the digital security giant by Aug. 20, according to Bleeping Computer.

Entrust is a Minneapolis-based identity management and authentication service with nearly 3,000 employees, according to MSSPAlert, a partner site of SC Media. Key Entrust customers include U.S. government agencies. 

Update: Aug. 22 at 2:04 p.m. Eastern

Late Friday, LockBit began leaking Entrust data, sharing screenshots of the allegedly stolen data that included legal documents and accounting data, according to Bleeping Computer.

But the leak was short-lived as LockBit's Tor site was inaccessible soon after the leaks began due to a DDoS attack, Bleeping Computer reported.

The Twitter account for VX-Undergound, which bills itself as "the largest collection of malware source code, samples and papers on the internet," posted an image apparently provided by LockBit of a screenshot of the HTTPS request with a message that suggests it's from Entrust, a move, if truly conducted by Entrust, would be an unprecedented one.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.