
LockBit Moves Towards Triple-Extortion After Targeted DDOS Attack

Days after a successful strike against cybersecurity giant Entrust, the LockBit ransomware gang claimed victimhood, saying Entrust’s DDoS strike rendered it incapable of releasing the stolen data. However, the ransomware gang has vowed to up its defences and launch triple extortion attacks. 

The LockBit ransomware gang suffered a DDoS attack ahead of its planned release of Entrust data on August 19, after Entrust refused to pay up. The data was stolen on June 18, 2022. Entrust is a leading solutions provider in identities, payments, and data protection. It had announced that an "unauthorized party" accessed parts of its network. However, it did not elaborate on the nature and extent of the attack.

LockBit ransomware gang’s response 

According to LockBitSupp, LockBit's public face, the gang will incorporate DDoS attacks into its arsenal. The plan is to combine DDoS, encryption, and the threat of a public leak as part of a broader triple extortion tactic.

The gang believes that the triple extortion approach would prevent targets from refusing to pay up while avoiding a fiasco like the one it suffered in the Entrust episode. LockBitSupp told BleepingComputer that he is looking for dudosers (DDoSers) to join the team.

"Most likely now, we will attack targets and deliver triple extortion, encryption, data leak, and dudos because I have experienced the force of dudos and how it invigorates us and makes life more fun." The gang hinted at its larger plan to protect future leaks from DDoS attacks. The ransom messages will contain unique links to future attacks, LockBitSupp said.

Where is Entrust Data now?

Entrust data leaks were only temporarily halted by the DDoS attack. The Entrust data is now available to any interested party, as LockBit is back in operation. The gang encouraged individuals to contact them privately. Afterward, LockBit, as promised, released a torrent with 343GB of data titled "entrust.com" on August 27. As a precaution, the operators also uploaded the torrent to two file storage sites that are no longer available, alongside publishing it on their website.

How does the LockBit ransomware gang plan to blunt DDoS attacks?

Victims' ransom notes may include unique links to prevent future DDoS attacks. LockBitSupp wrote that it has already developed the randomization of links in locker notes. It also announced an increase in mirrors and duplicate servers and a proposal to make stolen data more accessible over the clearnet via a bulletproof storage facility. They stated that each build of the locker would have a unique connection that a DDoSer would be unable to recognize.

How can you stop a DDoS attack?

DDoS attacks use infected machines and linked devices throughout the internet, including Internet of Things (IoT) devices, smartphones, personal computers, and network servers, to flood targets with unwanted traffic. DDoS attacks can cause downtime and prevent legitimate users from purchasing things, accessing services, obtaining information, or gaining access to a company's website, web application, APIs, network, or data center infrastructure.

To mitigate a distributed denial-of-service attack, your DDoS protection provider will implement a series of countermeasures. With the sophistication of modern attacks increasing, cloud-based DDoS mitigation protection can provide defence-in-depth security at scale, ensuring that back-end infrastructure and internet-facing services remain operational. Organizations can use DDoS attack protection services to:

  • Reduce the attack surface and commercial risk.

  • Avoid business-impacting downtime.

  • Prevent web pages from going offline.

  • Improve response time to a DDoS event and optimize incident response resources.

  • Reduce the time it takes to understand and investigate a service issue.

  • Prevent staff productivity loss.

  • Develop countermeasures to a DDoS assault.

  • Prevent brand reputation loss and bottom-line damage.

  • Keep application uptime and performance consistent across digital estates.

  • Reduce the costs associated with online security.

  • Protect against extortion, ransomware, and other new and evolving dangers.

Conclusion 

Organizations can use DDoS-specific cybersecurity solutions to minimize their attack surfaces and reduce the risk of business-impacting outages and interruptions. As a result, legitimate visitors can still access your organization's website while an assault is blocked. Adequate safeguards against DDoS minimize the impact of the assault by preventing harmful traffic from reaching its intended target.
