Severity
High
Analysis Summary
The data leak sites of the LockBit ransomware campaign were taken down over the weekend by a DDoS attack that carried a message instructing the group to erase Entrust’s purportedly stolen data.
Entrust, a giant in digital security, revealed a cyberattack in late July, disclosing that threat actors had infiltrated its network in June and stolen data. The LockBit ransomware group declared that it had hacked the company and claimed it would release the stolen files. The company's name was added to the LockBit 3.0 Tor leak site.
The data dump comprised 30 images of allegedly stolen Entrust data, including legal documents, marketing spreadsheets, and accounting data.
Researchers began reporting that the ransomware gang’s Tor data leak sites were inaccessible due to a DDoS attack shortly after they began releasing data. According to the security research group VX-Underground, the DDoS attacks against the gang’s Tor sites were carried out by someone associated with Entrust.
“DDoS attack started right away once data was published and discussions took place; of course it was them; who else needs it? Additionally, there is a demand for the deletion of their data in the logs’ inscription,” LockBitSupp said in response to inquiries concerning the attack.
The attackers sent HTTPS requests whose browser user agent field contained a message to the LockBit group instructing them to erase Entrust’s data.
In response to the attack, a statement has appeared on LockBit’s data leak websites informing users that the ransomware gang intends to torrent all of Entrust’s data, making it nearly impossible to take down.
The security researcher Soufiane Tahiri participated in discussions between the LockBit group and Entrust. According to this communication, the group first requested an $8 million ransom before lowering its demand to $6.8 million.
Additionally, according to reports from LockBitSupp, Accenture was a previous victim who attempted a similar attack against their data leak sites in the past but failed.