LockBit Ransomware Site Hit by DDoS Attack as Hackers Start Leaking Entrust Data

The leak website of the LockBit ransomware operation has been taken offline by a distributed denial-of-service (DDoS) attack that appears to have been launched in response to the cybercriminals publishing data stolen from security company Entrust.

The Entrust breach was discovered on June 18 and the firm started notifying customers on July 6. However, the intrusion only came to light on July 21, when a security researcher came across a copy of the notification sent by Entrust to customers.

Some researchers said at the time that Entrust had likely fallen victim to ransomware, but no group was named. On August 18, however, the LockBit group took credit for the attack, threatening to leak all the stolen files in 24 hours unless Entrust paid a ransom.

Shortly after the black hat hackers started publishing the Entrust data, their Tor-based leak website was hit by a DDoS attack. The attack requests aimed at the LockBit website included a string urging the cybercrime group to delete the stolen Entrust data.

LockBit hit by Entrust-linked DDoS attack

Cisco Talos researcher Azim Shukuhi said the cybercriminals claimed that they had been getting 400 requests per second from more than 1,000 servers.

It’s unclear who is behind the attack, but there has been speculation that it could be Entrust itself. The security firm has not shared any updates on the incident beyond its initial statement confirming the breach of systems used for HR, finance and marketing. The company said there was no evidence that the operation or security of its products and services was impacted.

At the time of writing, the LockBit 3.0 website appears to be mostly offline. SecurityWeek has managed to access it once and the page dedicated to Entrust displayed a message saying that LockBit operators are looking for a torrent tracker where they can upload the data stolen from the cybersecurity company. The hackers claim to have obtained 300 Gb of information.

Researcher Soufiane Tahiri has obtained a copy of what appears to be a chat between Entrust and the attackers. It shows that the hackers initially demanded a ransom of $8 million and then dropped it to $6.8 million, but the victim was only prepared to pay $1 million.

In response to the attack, the cybercrime group says it’s working on strengthening its infrastructure to protect it against future DDoS attacks and it wants to find alternative storage solutions that should allow it to leak data even if its website is disrupted. In addition, the group plans on launching its own DDoS attacks against victims as part of a triple extortion model that includes file encryption, data leaks and DDoS attacks.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
