"LockBit, ALPHV, and Other Ransomware Gang Leak Sites Hit by DDoS Attacks"

The Ransomware-as-a-Service (RaaS) groups LockBit and ALPHV, also known as BlackCat, along with other ransomware gangs, have been the focus of Distributed Denial-of-Service (DDoS) attacks targeting their data leak sites to cause downtime and outages. Since August 20, Cisco Talos has been monitoring various RaaS groups, including Quantum, LV, Hive, Everest, BianLian, Yanluowang, Snatch, and Lorenz. According to forum posts by the LockBit gang's technical support arm, "LockBitSupp," the attacks have significantly impacted the group's activities, with about 1,000 servers targeting the leak site at nearly 400 requests per second. Many of the impacted groups are still experiencing connectivity issues and intermittent outages to their data leak sites, including frequent disconnects and unreachable hosts, thus implying that this is part of a sustained effort to thwart updates to those sites, according to a Talos blog post. The groups have responded in various ways, with some redirecting web traffic elsewhere, as in the case of the Quantum group, and others beefing up DDoS protections. Given that this activity continues to disrupt and impede these affiliates' and operators' ability to publicly post new victim information, the researchers expect different responses from different groups, depending on the resources available to them. According to Aubrey Perin, lead threat intelligence analyst at Qualys, the victims of criminal hacking gang activity would benefit from a DDoS attack on RaaS leak sites. She emphasizes how effective these attacks are at halting ransomware operations, with outages giving defenders valuable time to investigate. Extortion tactics become far more complicated, and in some cases benign, when gangs are unable to list victim information. However, because today's bad actors are becoming more sophisticated, they may be able to find workarounds quickly. This article continues to discuss the DDoS attacks targeting RaaS groups' data leak sites. 

Dark Reading reports "LockBit, ALPHV, and Other Ransomware Gang Leak Sites Hit by DDoS Attacks"