Last week, after the information security company Entrust was hacked, the LockBit hacker group was subjected to powerful DDoS attacks. Now the hackers say they have improved their DDoS protection and plan to practice triple extortion in the future, using such attacks as additional leverage on victims.
Let me remind you that we also reported that “Hackers Launched LockBit 3.0 and Bug Bounty Ransomware”, and also that “Experts Find Similarities Between LockBit and BlackMatter”.
Entrust was hacked back in June 2022. At the time, the company confirmed to the media that it had been subjected to a ransomware attack, during which data was stolen from its systems. Later, a section dedicated to Entrust appeared on the site that the LockBit hack group uses to “leak” data. The attackers said they were going to publish all the information stolen from the company there. Usually, such actions mean that the victim company has refused to negotiate with the extortionists or comply with their demands.
However, shortly after the publication of the data, the hackers' Tor site went down, and the group reported that it had been subjected to a DDoS attack precisely because of the Entrust hack. The group drew this conclusion because the DDoS was accompanied by messages reading “DELETE_ENTRUSTCOM_MOTHERFUCKERS”.
As Bleeping Computer journalists now write, a group representative known as LockBitSupp announced that the group is back in operation with a more serious infrastructure, and that the data leak site is no longer afraid of DDoS attacks.
Moreover, the hackers said they took this DDoS attack as an opportunity to learn triple extortion tactics that could be useful to them in the future. Indeed, DDoS attacks can be used to put additional pressure on victims to pay a ransom (in addition to data encryption and threats to publish stolen information in the public domain).
LockBit also promised to distribute all the data stolen from Entrust via a 300 GB torrent so that “the whole world will know your secrets.” At the same time, a representative of the group promised that at first the hackers would share the Entrust data privately with anyone who contacts them. Journalists note that over the weekend LockBit already released a torrent called “entrust.com”, containing 343 GB of information.
When it comes to protecting against DDoS attacks, one of the methods already implemented by hackers is the use of unique links in ransom notes. “The function of randomizing links in locker notes has already been implemented, each assembly of the locker will have a unique link that dudoser will not be able to recognize,” LockBitSupp says.
The hackers also announced an increase in the number of mirrors and backup servers, and they plan to increase the availability of stolen data by publishing it on the regular Internet and using “bulletproof” hosting for this.