The LockBit ransomware group is now working towards improving its protection against DDoS attacks as well as adding triple extortion to its malicious operations. These actions are triggered by a recent clash between LockBit criminals and security firm Entrust.
LockBit Is Improving Its Infrastructure
LockBit launched an attack against Entrust during which data was stolen, possibly to be used in double extortion schemes. Ransomware operators usually publish stolen data on their corporate leak site. However, the leak site recently suffered a DDoS attack, possibly carried out by Entrust, that prevented access to the published data.
Notably, the company did not pay the ransom. LockBit then said it would publish all stolen Entrust data on August 19, which the DDoS attack made impossible. Although this has not been confirmed, the DDoS attack is believed to have been initiated by Entrust.
In response to the attack it suffered, LockBit announced that the group had upped its game by building a larger infrastructure that keeps its leaks accessible despite DDoS attacks. Triple extortion, or demanding ransom payments from the victim’s customers, partners, and other third parties related to the initial attack, is another addition to LockBit’s modus operandi.
“I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting,” LockBitSupp, the public representative figure of the gang, shared in a post on an underground forum.
In addition to the above statement, LockBitSupp said they would share Entrust’s stolen data via a 300GB torrent. Before the torrent was finalized, the data would be shared privately with anyone who got in touch with them. The cybercriminals kept their promise and released a torrent dubbed entrust.com that contains 343GB of information. Another large company on the ransomware’s list of victims is Accenture.
In August, SentinelLabs reported a new iteration of the ransomware – LockBit 3.0 or LockBit Black – which was equipped with a series of anti-analysis and anti-debugging routines, and the capability to exploit another legitimate tool – Windows Defender.