Last week, after the information security company Entrust was hacked, the LockBit hacker group was subjected to powerful DDoS attacks. Now the hackers say they have improved their DDoS protection and plan to practice triple extortion in the future, using such attacks as additional leverage on victims.
Let me remind you that Entrust was hacked back in June 2022. At the time, the company confirmed to the media that it had been subjected to a ransomware attack, during which data was stolen from its systems. Later, a section dedicated to Entrust appeared on the site that the LockBit hack group uses to “leak” data. The attackers said they were going to publish there all the information stolen from the company. Usually, such actions mean that the victim company has refused to negotiate with the extortionists or comply with their demands.
However, shortly after the publication of the data, the hackers' Tor site went down, and the group reported that it had been subjected to a DDoS attack precisely because of the Entrust hack. The fact is that the DDoS was accompanied by messages: “DELETE_ENTRUSTCOM_MOTHERFUCKERS”.
As Bleeping Computer journalists now write, the group’s spokesman, known as LockBitSupp, announced that the group is back in operation with a more serious infrastructure, and now the site for leaking data is not afraid of DDoS attacks.
Moreover, the hackers said they took this DDoS attack as an opportunity to learn triple extortion tactics that could be useful to them in the future. Indeed, DDoS attacks can be used to put additional pressure on victims to pay a ransom (in addition to data encryption and threats to publish stolen information in the public domain).
“I am looking for dudosers in the team, most likely now we will attack targets and engage in triple extortion: encryption + data leak + dudos, because I felt the power of dudos and how it invigorates and makes life more interesting,” writes LockBitSupp on a hacker forum.
LockBit also promised to distribute all 300 GB of data stolen from Entrust via torrent, so that “the whole world will know your secrets.” At the same time, a representative of the group promised that at first the hackers would share Entrust data privately with anyone who contacts them. Journalists note that over the weekend, LockBit already released a torrent called “entrust.com”, containing 343 GB of information.
When it comes to protecting against DDoS attacks, one of the methods already implemented by hackers is the use of unique links in ransom notes. “The function of randomizing links in locker notes has already been implemented, each assembly of the locker will have a unique link that dudoser will not be able to recognize,” says LockBitSupp.
The hackers also announced an increase in the number of mirrors and backup servers, and plan to increase the availability of stolen data by publishing it on the regular Internet and using “bulletproof” hosting for this.