In July, cybersecurity firm Entrust announced that data had been stolen. Last week, ransomware group LockBit claimed responsibility for the attack and began leaking files on the online leak site. Shortly after the leaks were announced, LockBit was attacked with a denial of service Writes Bleeping Computer.
Bleeping Computer spoke to LockBit support who told the site that the attack started right after the Entrust files were published.
– The DDoS attack started right after the data was published and negotiations, of course they are, who needs it too? At the same time, there is also text in the log that requires us to remove the data, LockBitSupp wrote to Bleeping Copmuter.
Security researchers from the VX-Underground group gained access to logs that clearly show the text “DELETE_ENTRUSTCOM_MOTHERFUCKERS”, a clear message that Entrust files should be deleted.
Lockbit: “Service disabled due to Entrust hack”
vx-underground: “How do you know it’s due to an Entrust breach?”
– vx-underground (vxunderground) August 21 2022
Not the first time
This is not the first time that LockBit has been subjected to a denial of service attack from the victim. LockBitSupp, a spokesperson for the group, told Bleeping Computer that Accenture has also tried this in the past
Previous people who have done this are Accenture, but they weren’t so good at it, Entrust was a more successful attack, says the ransomware group.
Entrust has not commented on the attack, and no one has claimed responsibility. Security experts are not sure if security firm Entrust is behind the LockBit counterattack. Azim Shkohi, CTI Security Analyst for Talos, wrote on Twitter that LockBit competitors may be imitating Entrust.
Do we have evidence that a cybersecurity company is carrying out a DDoS attack? It would be very unusual and in a way a paradigm shift. There may be competitors or someone who has an antagonistic relationship with those at the top among those in the ransomware-as-a-service world.
Do we have evidence that a cybersecurity company implements DDoS? That would be a somewhat unprecedented paradigm shift. It could be a competitor or it could be someone who has enmity towards those first from within the RaaS realm. No evidence for that yet 🙁
– Azim Shuhhi (AShukuhi) August 22 2022
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”