"LockBit Ransomware Site Hit by DDoS Attack as Hackers Start Leaking Entrust Data"
The leak website of the LockBit ransomware operation has been taken offline by a distributed denial-of-service (DDoS) attack that appears to have been launched in response to the cybercriminals publishing data stolen from security company Entrust. The Entrust breach was discovered on June 18, and the firm started notifying customers on July 6. Shortly after the black hat hackers started publishing the Entrust data, their Tor-based leak website was hit by a DDoS attack. The attack requests aimed at the LockBit website included a string urging the cybercrime group to delete the stolen Entrust data. Security researchers at Cisco Talos stated that the cybercriminals claimed they had been getting 400 requests per second from more than 1,000 servers. It is currently unclear who is behind the attack, but there has been speculation that it could be Entrust itself. The security firm has not shared any updates on the incident beyond its initial statement confirming the breach of systems used for HR, finance, and marketing. In response to the attack, the LockBit ransomware group stated that it's working on strengthening its infrastructure to protect it against future DDoS attacks, and it wants to find alternative storage solutions that should allow them to leak data even if their website is disrupted. In addition, they plan on launching their own DDoS attacks against victims as part of a triple extortion model that includes file encryption, data leaks, and DDoS attacks.