Tuesday, March 26

LockBit falls victim to large-scale DDoS attack after hacking Entrust



After being taken offline for days by a Distributed Denial of Service (DDoS) attack, the LockBit ransomware group has announced that it will pursue more aggressive tactics while actively recruiting new members.

In a tweet announcing its new strategy, the group says that from now on it will attack its victims using a triple extortion model, which is based on the double extortion method that has spread in recent years.

Triple extortion ransomware is a relatively new technique that seeks to force the victim or their customers to pay by threatening them with a DDoS attack. This is an extension of the so-called double-extortion ransomware, in which hackers not only encrypt data from hacked systems, but also steal it.

Triple extortion is rare, but has been linked to attacks by the now-defunct REvil group, which was known for using unusual tactics in its campaigns.

LockBit also stated that in addition to triple extortion, it would start including unique and random payment links in each ransom note, making it more difficult for countermeasures such as DDoS attacks to affect the threat actor’s payment site.

On Friday, August 19, shortly after LockBit released purportedly leaked data about cybersecurity firm Entrust, security researchers reported that LockBit’s website was being subjected to what appeared to be a DDoS attack.

According to IT Pro, security researcher Azim Shukuhi tweeted on Sunday that the ransomware group was rejecting 400 requests per second from more than 1,000 servers. Shukuhi also claimed that the AlphV/BlackCat ransomware group was targeted in a similar attack at the same time, but that their website was quickly restored. At the moment, it is unknown if the attacks are related.

A LockBit support agent accused Entrust of being behind the cyberattack against it in an interview with malware research group VX-Underground. LockBit provided a screenshot of the attack in action, showing requests with an aggressively worded note in the browser’s user agent field instructing LockBit to remove Entrust data.

If Entrust was behind the attack on LockBit, it would be the first time a cybersecurity company has conducted an offensive security operation against a ransomware organization. At the time of this writing, the LockBit leak site was inaccessible. Entrust has not confirmed whether or not it is behind the attack on LockBit.

Entrust announced a cyberattack on the company in late June 2022, but did not specify whether or not it was ransomware. A LockBit support agent also reportedly shared screenshots of post-attack negotiations between the ransomware group and Entrust.

Conversations with researcher Soufiane Tahiri, also quoted by IT Pro, date back to June 29, 2022, with the ransom set at $8 million before being reduced to $6.8 million. Another security researcher, Dominic Alvieri, obtained and tweeted a notification sent by Entrust to its clients on July 6 informing them of the initial attack on June 18.

“I think the company wanted to keep quiet during the negotiations and quickly come to an agreement after notifying customers. They just stopped negotiating after the cyber incident was revealed,” Alvieri said.

LockBit claims that Entrust is behind the attack; however, as a legitimate cybersecurity company, Entrust is unlikely to ever admit to running offensive security operations. Despite being fairly common in cybersecurity, DDoS attacks are illegal, and it is unlikely that a company of Entrust’s caliber would admit to carrying out an attack that is by definition illegal.

diarioti.com
