Elain Brown Tech 08.29.2022 04:Aug AM EDT

LockBit Ransomware Strengthens Extortion Schemes Amidst DDoS Attacks

The LockBit ransomware group stated that it is working to enhance the level of extortion with its operation.

Apart from the intensified plans for extortion cyberattacks, the threat actors also stated that they have deployed new ways to defend themselves against distributed denial-of-service (DDoS) attacks on their systems.

It has been rumored that the ransomware group recently endured a DDoS attack. It is widely assumed that it was carried out on behalf of Entrust, blocking access to information posted on its corporate leaks website.

Entrust is a software company that was breached by the LockBit ransomware group on June 18. LockBit declared that it would release all the stolen material on August 19 if Entrust did not pay the ransom.

However, this was halted when a DDoS attack on the gang's leak site that was thought to be related to Entrust occurred.

LockBit Ransomware Is Strengthening Operations

The LockBit ransomware gang publicly stated in their support, earlier this week that they are back in business with a larger infrastructure to enable access to leaks undaunted by DDoS attempts.

The DDoS attack that took place over the weekend and temporarily halted the leakage of Entrust data. However, the gang also took the time as an opportunity to investigate the triple extortion strategy they are planning in order to put further pressure on victims to pay in their ransom attack.

The ransomware group is looking to use DDoS as an additional extortion method on top of encrypting data and releasing it as a form of extortion.

According to BleepingComputer, on a hacker forum, LockBitSupp wrote, "I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting."

Additional measures are being taken by the ransomware group to avoid any subsequent DDoS assaults. One of the ideas that they have come up with is to include one-of-a-kind links in the ransom notes that they send to the victims.

LockBit also plans to expand the availability of the stolen data by making it accessible over the clearnet as well as through a fireproof storage facility.

LockBit's Data Breach on Entrust

BleepingComputer reported in July that Entrust had suffered a cyberattack that was detected on June 18 where threat actors breached their network and stole data from internal systems.

While the breach was being investigated, Entrust refused to disclose any information regarding the assault or confirm whether it was ransomware.

Despite this, it became public knowledge that a notorious ransomware gang had hit Entrust after obtaining access to the corporate network from network access dealers.

The ransomware gang known as LockBit has also taken responsibility for the cyberattack that occurred on the company.

Since the tech company refused to pay the threat actors the ransom money they were demanding, the LockBit ransomware gang threatened to publish more than 300 gigabytes worth of data that had been taken from Entrust in a torrent.

Before making the leaked Entrust data public on Torrent, a spokesman for LockBit stated that it would be made available to anyone who contacted them.

It would appear that LockBit has maintained its word and has published a torrent with the name "entrust.com" that contains 343 gigabytes of content this weekend.

In addition to publishing it on their website, they also distributed the torrent across at least two different file storage services. However, one of those services has since stopped making it accessible to users.