After suffering a DDoS attack, reportedly on behalf of digital security company Entrust, the Lockbit ransomware gang has announced that it’ll be strengthening its defences against DDoS attacks and will be taking the operation to a triple extortion level.
Entrust was one of the gang’s victims in a June 18 attack where data from the company was stolen by Lockbit. The company confirmed the incident, including the fact that the data was stolen and did not pay the demanded ransom either. Lockbit announced that it’ll publicly release the data on August 19, and the DDoS attack was reportedly an attempt to stop Lockbit from publishing the stolen data on its corporate leaks website.
Following the attack, Lockbit’s infrastructure and operations were temporarily down. However, the group is now looking to add DDoS as an extortion tactic on top of data encryption and leaks to put more pressure on the victims to pay the ransom.
As retaliation for Entrust’s alleged DDoS attack, the gang has also promised to share over 300GB of stolen data from Entrust, claiming that they’ll share the data first with anyone who contacts them privately before making it publicly available as a torrent. And sure enough, Lockbit released a torrent named “entrust.com” containing 343GB of files.
To avoid getting DDoSed again and to ensure that the torrent is delivered, the gang made the data available from multiple sources and, outside of publishing it on their website, also shared the torrent over two file-sharing services, one of which has made the download unavailable.
Lockbit’s public spokesperson, LockBitSupp, also posted on a hacking forum announcing that the group is increasing the number of mirrors, and duplicate servers and is exploring new methods of DDoS prevention. They’re also going to start randomising links in ransom notes, making it harder to target a specific server in addition to making the stolen data accessible over the clearnet using a “bulletproof storage service”.
The gang is also actively looking for ‘dudosers’ in the team to move forward with the new triple extortion tactic as they’ve felt the power of DDoS attacks and feel that it “makes life more interesting”.