Over the weekend of the 20th of August 2022, the LockBit ransomware operation’s data leak sites have been shut down due to a DDoS attack in response to LockBit claiming responsibility for the cyberattack against Entrust that occurred in July. LockBit started to leak data that was allegedly stolen from Entrust, including legal documents, marketing spreadsheets, and accounting data.
Shortly after LockBit started leaking data, cyber security researchers started reporting that the ransomware gang’s Tor data leak sites were unavailable due to a DDoS attack. And on Sunday 21st of August 2022, the security research group, VX-Underground learned from LockBitSupp, the public-facing representative of the LockBit ransomware operation, that their Tor sites were under attack by someone they believed to be connected to Entrust.
“Ddos attack began immediately after the publication of data and negotiations, of course it was them, who else needs it? In addition, in the logs there is an inscription demanding the removal of their data,” – LockBitSupp.
LockBit stated that they believed the DDoS attack connected to Entrust as the HTTPS requests from the attack had a message added in the browser user agent field telling LockBit to delete Entrust’s data. The attack was believed to consist of “400 requests a second from over 1000 servers.”
Although LockBit has responded to the DDoS attack by adding a message to their data leak sites warning that they plan to upload all of Entrust’s data as a torrent, which will make it almost impossible to take down.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.