The cybersecurity threat landscape changes fast, and for most companies it’s a struggle to keep on top of the latest trends without compromising on their operations. Attempting to identify the culprits behind a given cyber-attack by leveraging numerous tools has become significant for cybersecurity analysts and researchers.
The LockBit Ransomware gang is embroiled in a battle after it caused a data breach of the security giant Entrust on June 18. The incident was reported by bleeping computer stating that allegedly as a result of the corporate data breach of Entrust they have launched a distributed denial-of-service (DDoS) attack against lockbit ransomware gang which hindered the access to the data published by the gang on their corporate leaks site. The Lockbit Ransomware gang has announced that it will pursue more aggressive tactics as a retaliation,involving triple extortion, a strategy that seeks to add additional pressure on a victim company by targeting its affiliates, clients, or suppliers. If adopted more broadly, the triple-extortion tactic could present prodigious development in the cybersecurity threat landscape endangering businesses and organizations.
The public dealing figure of Lockbit Ransomware group has also shared that they are expanding their infrastructure to remain unnerved from DDoS attacks and is actively recruiting new DDoS attack members after its sites were taken offline for days putting a halt to Entrust’s data leakage. The Lockbit ransomware gang has changed their strategy to combat DDoS attacks and in addition to triple extortion, LockBit also said it would begin including unique and randomized payment links in each ransom note, enhanced use of mirrors and duplicate servers, making it difficult for counter-measures like DDoS attacks to impact the threat actor’s payment site.They also disclosed their intention to extend the ease of access of stolen data by making it available easily. The gang vowed to make accessible 300GB of data stolen from Entrust over torrent for the entire world to see. The operators ensured to make the Entrust’s data available from multiple sources besides publishing it on their own site. By keeping its promise Lockbit released 343GB of files comprising Entrust’s data labeled as “entrust.com” and has also made the stolen Entrust’s data available over a clearnet’s website for a limited period of time.
LockBit claims Entrust is behind the attack against it, however, it is unlikely that Entrust being a legitimate cybersecurity giant would ever admit to running offensive security operations. If the speculation that Entrust launched a DDoS attack against Lockbit turns out to be true then it would be an unprecedented incident involving a cybersecurity company undertaking an offensive security operation against a ransomware organization.