What is LockBit Ransomware?
LockBit is a new type of ransomware that encrypts your computer and demands you pay a ransom in order to get your files back. LockBit is highly dangerous because it doesn’t just encrypt the data on your computer but also deletes any backups you might have.
The LockBit operation’s leak sites have been taken down for an alleged DDoS attack directed at Entrust. They will know if it was stolen or not in this data leak, but these websites and all their products have been discontinued.
It was reported in late July that a cyberattack had occurred at the end of June on Entrust’s network. The company confirmed that personal data had been stolen during this intrusion, but said it was unable to confirm which specific data items were or were not accessed. At the time of reporting, we were told it was a ransomware attack but this information has not been confirmed.
As soon as the ransomware attackers started leaking data, researchers started to report that their Tor data leak sites were down, most likely from a DDoS attack.
One of the many benefits of TOR websites is that they are mostly under anonymity. Unfortunately, intruders have found a way to breach past the security measures that these websites provide and are attacking them. It is uncertain who this attacker might be but it is speculated that he/she may be connected to Entrust.
It’s clear from this HTTPS communication that the attacker meddled with LockBit by adding a message to the user agent field. The message tells LockBit to delete data from Entrust before logging into the app.
Cisco Talos researcher Azim Shukuhi tweeted that LockBit’s servers were subject to a DDoS attack consisting of 400 requests per second over 1000 servers.
As a reaction to the attack LockBit had to shutdown, the data leak monitor now displays that the perpetrator plans on uploading everything to a torrent. This makes it almost impossible to remove LockBit’s data.
The threat actors have shared information about the alleged negotiations that took place between Entrust and a ransomware gang. The first demand given was $8 million, but it was dropped to $6.8million later due to various factors.
I was discussing the use of AI writers with a colleague at Accenture, who said that they had experimented with this, but weren’t very successful. The company I work for (Entrust) has been more successful when it came to our AIs.
It has been suspected that the data leak sites for the ALPHV Ransomware operation were subject to a DDoS attack as well this weekend. Whether or not these assaults are related is still unknown. .ALPHV Ransomware’s website was one of the most prominent data leaks in recent history, containing around 50 million records from 39 countries and regions. DDoS has been a large problem in recent years, with many organizations suffering from data leaks and DDoS attacks. The exploitation of these data leaks for ransom is another major issue to be addressed. While the threat landscape is constantly evolving and adapting, there is still no quick solution to these events. In addition, it should also be noted that the majority of these data leaks have not been a result of a broken security measure – they are the result of a successful cyber-attack.
LockBit is currently experiencing a DDoS attack.
LockBit is said to be based out of Russia and has undergone many rebrands since first appearing in 2019. It has now been spotted as LockBit 3.0, having had three different versions since its first appearance.
The group has been one of the most active this year, according to a report from Digital Shadows, which says it accounted for 32.88% of all incidents involving data being posted to ransomware leak sites during the second quarter this year with 231 victims.
Recent victims include French mobile phone network La Poste Mobile and electronics manufacturer Foxconn, and on Friday their cyber crime gang said it was behind the June attack on Entrust, which provides digital ID & security services for businesses, and claims that it planned to publish all stolen data online. It’s understood that the breach from over the weekend was what triggered this DDoS attack which has taken down their platform.
Security firm or threat actor behind attacks?
The security firm or threat actor behind attacks is a difficult question to answer. It is plausible that the same individual or group could be behind an attack and also provide security services. There are multiple ways data can get stolen. For example, maybe a company is breached by an employee at their customer service department who then sells all of that information to a marketing firm.
There are two main types of security firms: those who offer cyber protection and those who offer cyber offense services. The former defend against attacks and the latter help organizations find vulnerabilities for their own benefit. .The internet service provider (ISP) is the company who provides your internet connection. The ISP also helps organizations find vulnerabilities for their own benefit. The computer is where a user can use a computer’s power and intelligence to complete tasks ranging from work to play. Computers make up one of the most important parts of our society, with over two billion computers in use around the world. The computer is where a user can use a computer’s power and intelligence to complete tasks ranging from work to play. Computers make up one of the most important parts of our society, with over two billion computers in use around the world.
So, at this point it is unclear if Entrust are the ones behind these attacks or if they’re competitors just trying to take advantage.
Security researchers have been puzzled by LockBit’s security breach, some suggesting that it may not be a cybersecurity company conducting these types of attacks.
DDoS is a serious and expensive problem, and while it’s true we have no evidence that an attack has been carried out by one of these cybersecurity firms, the idea is worth looking into. And if you don’t know, now you know.
“The idea that a cybersecurity company would be publicly going against the trend of other companies and launching their own DDoS is alarming,” tweeted a threat intelligence researcher known as Cyberknow.
We can’t tell who exactly has the skills to perpetrate a ransomware attack, but we have proven that this type of crime can allow cyber-savvy criminal organizations from going after innocent users.
As victims, cybersecurity companies or even national governments might be using this tactic as well, it’s unclear what the future may hold.