[MART] - Daily Diary #579 - Lockbit Ransomware Hit By DDoS After Publishing Entrust Data

ctas-mat at appgate.com
Tue Aug 23 21:11:39 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

08/23/2022 - Diary entry #579:

In late July, Entrust, a large cybersecurity firm, confirmed it was a victim of a cyberattack. At the time, Entrust said the threat actors breached its networks and stole data from internal systems. Several US government agencies and other sensitive organizations use Entrust for identity management and authentication, making this incident dangerous depending on the type of data the attackers had access to.

Last week, on August 19th, our team's Ransom Tracker alerted on the Lockbit wall-of-shame, where the gang had published a post on Entrust with a countdown to the publication of the stolen data, indicating the ransom demand was not paid. Covered in several of our Daily Diaries, Lockbit is at the top of the most active ransomware gangs nowadays, publishing new targets on its wall-of-shame almost every day.

Later, after the countdown finished, Lockbit published accounting, legal, and marketing documents on the dedicated post. However, on August 20th (the next day) the Lockbit wall-of-shame went offline after a DDoS attack. One member of Lockbit went public saying they were receiving more than 400 requests a second from over 1000 servers. The group also published a screenshot of their web logs, in which the attackers are making requests with the string "DELETE_ENTRUSTCOM_MOTHERF[redacted]".

It's not clear if Lockbit already published all the stolen data they had from Entrust, or if new data will be disclosed after this incident, but in retaliation for the attack the cybercrime gang has already replaced their page with a message claiming they will upload the Entrust data to a torrent tracker. A Lockbit spokesperson also claimed they are strengthening their infrastructure, and that the torrent with 300GB of stolen data will be distributed publicly soon. It's also not clear if this attack was coordinated by Entrust, one of their partners, or some independent attacker trying to avenge the company.

Kind Regards,

Felipe Duarte Domingues
Manager, MART
Appgate

E: felipe.duarte at appgate.com

