Last week, after the hack of the information security company Entrust, the hacker group LockBit was subjected to powerful DDoS attacks. Now hackers say they have improved DDoS protection and plan to do triple extortion in the future, using these attacks as additional leverage over victims.
Let me remind you that we also reported that Hackers Launched LockBit 3.0 and bug bounty Ransomware, and also that experts find similarities between LockBit and BlackMatter.
Let me remind you that Entrust was hacked in June 2022. Next, the company confirmed to the media that Entrust had been the subject of a ransomware attack, in which data was stolen from its systems. Next, the site that the LockBit hacking group uses to “leak” data has a dedicated section for Entrust. The attackers said they would post all information stolen from the company there. Usually such actions mean that the victimized business has refused to negotiate with the extortionists or comply with their demands.
However, shortly after the data was released, the Tor The hackers’ site went down, and the group reported that they had been the victim of a DDoS attack precisely because of the Entrust hack. The fact is that DDoS are accompanied by messages: “DELETE_ENTRUSTCOM_MOTHERFUCKERS”.
As beeping computer journalists write now, a representative of the group known as LockBitSupp announced that the group was resuming operations with a more serious infrastructure, and now the data leak site no longer fears DDoS attacks.
Additionally, the hackers said they took advantage of this DDoS attack to learn triple extortion tactics that could be useful to them in the future. Indeed, with the help of DDoS attacks, additional pressure can be put on victims to pay a ransom (in addition to data encryption and threats to release stolen information into the public domain).
I am looking for dudos in the team, most likely now we will attack targets and engage in triple extortion: encryption + data leak + dudos, because I have felt the power of dudos and how it invigorates and makes the more interesting life.LockBitSup writes on a hacker forum.
LockBit also promised to distribute all stolen data to Entrust via a 300GB torrent so “the whole world knows your secrets”. At the same time, a representative for the group promised that the hackers would initially share Entrust data privately with anyone who contacts them. Journalists note that over the weekend LockBit has already released a torrent called “entrust.com”, containing 343 GB of information.
When it comes to protecting against DDoS attacks, one of the methods hackers have already implemented is the use of unique links in ransom notes. “The function of link randomization in locker notes has already been implemented, each assembly in the locker will have a unique link that the dudoser will not be able to recognize,” says LockBitSupp.
The hackers also announced an increase in the number of mirrors and backup servers, and also plan to increase the availability of stolen data by publishing it on the Internet and using “bulletproof” hosting for it.