Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
0

ransomware gang targeted after Entrust leak | #computerhacking | #hacking | #hacking | #aihp


Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year.

The DDoS attack on LockBit’s darkweb server, which hosts leaks from companies the gang has attacked, began yesterday, and according to security researcher Azim Shukuhi, of Cisco Talos, the gang has been receiving “400 requests a second from over 1,000 servers”.

The perpetrator of the DDoS attack is unknown, and though LockBit’s server was briefly back online earlier today, at the time of writing, it remains down.

Why is LockBit experiencing a DDoS attack?

Thought to be based in Russia, LockBit is now in its third incarnation, known as LockBit 3.0, having undergone several rebrands since it was first spotted in 2019.

It has been one of the most active ransomware groups this year, according to a report from Digital Shadows, which says it accounted for 32.88% of all incidents involving data being posted to ransomware leak sites in Q2, with 231 victims.

Recent victims have included French mobile phone network La Poste Mobile, and electronics manufacturer Foxconn, and on Friday the gang said it was behind the June attack on Entrust, which provides digital identity and security services to businesses, and it said it planned to publish all stolen data online. Over the weekend, it began to leak information purportedly from the breach, and this seems to have triggered the DDoS attack which has taken down the group’s platform.

Data seen on the leak site before it went offline appeared to consist of accounting and legal documents and marketing spreadsheets from Entrust.

What happened in the Entrust ransomware attack?

As reported by Tech Monitor, Entrust, which provides digital ID services to tens of thousands of companies around the world, admitted a breach of its systems which began in June. At the time, Yelisey Boguslavskiy, head of threat research at security company AdvIntel, said the incident was likely to be the work of a “top tier” hacking gang.

Though it admitted the incident took place, Entrust said it had “found no indication to date that the issue has affected the operation or security of our products and services, which are run in separate, air-gapped environments from our internal systems”, but said it was working with a cybersecurity vendor and law enforcement agencies to investigate further.

LockBit is threatening to leak the entirety of the stolen data, suggesting any ransom demand made of Entrust has not been paid. Tech Monitor has contacted Entrust for comment.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.

Homepage digital identity image courtesy anyaberkut/iStock


Click Here For The Original Source.


————————————————————————————-

National Cyber Security

FREE
VIEW