A site that publishes data stolen from a company has been closed due to a mysterious DDoS attack, and the attacker also has a message saying 'Delete data shit'



The site `` LockBit '' that publishes information stolen from companies has been closed due to a distributed denial of service attack (DDoS attack) by someone. Just before the attack, LockBit threatened to leak data from security giant Entrust, which is believed to have triggered the attack.

LockBit ransomware blames Entrust for DDoS attacks on leak sites
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/

LockBit DDoS attack: ransomware gang targeted after Entrust leak
https://techmonitor.ai/technology/cybersecurity/lockbit-ddos-ransomware-entrust

LockBit gang hit by DDoS attack after Entrust leaks • The Register
https://www.theregister.com/2022/08/22/entrust_lockbit_ddos_ransomware/

LockBit, which is believed to be based in Russia, has continued to publish and improve ransomware since it was first spotted in 2019, deploying Ransomware as a Service (RaaS) and plans to launch in 2022. created LockBit 3.0 to accelerate attacks on enterprises.

According to digital security firm Digital Shadows, LockBit was one of the most active ransomware groups in 2022 and was believed to be responsible for roughly 33% of company data leaked in the second quarter. About.

Recent victims include French telecom operator La Poste Mobile and electronics manufacturer Foxconn, which was also contracted to manufacture the iPhone. In addition, LockBit has revealed that it was involved in an attack on security company Entrust in June 2022, threatening to disclose all stolen data, and gradually began to leak data from around August 18. I was there.

However, less than a day after the leak began, LockBit was hit by a DDoS attack, forcing LockBit to shut down the site.

It is not clear who was responsible for this DDoS attack, but at a later date, the security research group VX-Underground reported that it was contacted by a LockBit representative that ``the attack was by Entrust.'' Did. The reason why the attacker is Entrust is the image below showing the traffic of the DDoS attack, and you can see that 'DELETE_ENTRUSTCOM_MOTHERFUCKERS' is written in the string indicating the user agent.




According to LockBit, the attack is active, receiving 400 requests per second from over 1,000 servers. LockBit has expressed its willingness to fight back, stating, 'We promise to leak more data and the attacker's funds.'

Entrust's customers include the US Department of Homeland Security and other government agencies, insurance companies and technology companies such as Microsoft. At the time of the attack in June, Entrust said that ``the compromised internal system and products/services are separated,'' but said that it would cooperate with law enforcement agencies to respond. It is unknown whether Entrust was involved in this attack, and although media such as BleepingComputer have asked Entrust for a statement, it seems that no response has been obtained at the time of writing the article.

in Security, Posted by log1p_kr