LockBit Ransomware Gang’s Dark Web Site Crippled by DDoS Attack After Claimed Breach of Cybersecurity Giant Entrust
"ODN" has reported that the LockBit ransomware group released "LockBit 3.0", launched multiple dark web mirror sites and introduced the first ransomware exploit bounty program. Recently, after the LockBit ransomware group claimed responsibility for a July cyberattack against cybersecurity giant Entrust, Entrust has reportedly started to fight back by directly DDoSing the LockBit ransomware group's dark web site.
Entrust, which claims to be a global leader in identity, payments and data protection, said in late July that an "unauthorized party" accessed part of its network, but declined to describe the nature of the attack or say whether customer data was stolen. Homeland Security, the Department of Energy and the Treasury Department.
On Friday, LockBit, a well-known ransomware group that previously claimed attacks on Foxconn and Accenture, claimed responsibility for a July cyberattack against Entrust by adding Entrust to its dark web leak site. The group began leaking the company's internal data this weekend, suggesting that Entrust might refuse to meet the group's ransom demands.
But shortly afterward, an apparent distributed denial-of-service (DDoS) attack forced LockBit's dark web leak site offline.
Azim Shukuhi, a security researcher at Cisco Talos, quoted a LockBit member named "LockBitSupp" who claims that the site "receives 400 requests per second from over 1,000 servers". While the perpetrator of the DDoS attack remains unknown, the same LockBit member told Bleeping Computer that the attack "started immediately after the data was released and negotiated," and separately told malware research group VX-Underground that they believe the attack was launched by someone associated with Entrust, because the attack traffic used the "DELETE_ENTRUSTCOM_MOTHERFUCKERS" User-Agent header.
LockBit's website remained largely inaccessible Monday, but briefly displayed a message warning that the group planned to upload Entrust's stolen data to a peer-to-peer network, making it nearly impossible for the data to be deleted.
Under U.S. law, offensive cyberattacks, or "countering" cybercriminals, such as launching DDoS attacks against unwilling participants, are illegal and can be classified as a federal criminal offense under the Computer Fraud and Abuse Act (CFAA). The hack-back option has been hotly debated for years as a possible alternative for protecting U.S. companies from international threats, although critics say allowing private companies to engage in cyberwarfare could exacerbate diplomatic tensions and destabilize relations between nations.
Or, as one security researcher put it, "The idea that cybersecurity companies would attack around DDoS would set a dangerous precedent."
"ODN" visited the LockBit ransomware group's dark web domain: http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion
It was discovered that the LockBit ransomware gang is still unable to resist DDoS attacks on their dark web site, and they have temporarily placed a message on one of their Tor domains.
Does anyone know a good torrent tracker where I can upload greedy entrust.com com files? Please write to tox 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7
Twitter user Azim Shukuhi (@AShukuhi) reported asking LockBit how the weekend was going and whether the DDoS attacks were continuing, to which LockBit replied: "Hello, normal weekend, energetic with the help of DDOS, 100,500 mirror sites and modern protection measures already installed. It's not just life, it's some kind of party. Before that it was actually a bit boring."
From: On DarkNet – Dark Web News and Analysis