article featured image


LockBit ransomware gang – a ransomware operation that has been active for almost three years now listing over 700 victims – announced that is working on enhancing its defenses against distributed denial-of-service strikes and going to escalate the activity to triple extortion.

All these are the effects of a DDoS attack endured lately with the presumed purpose of stopping the group to publish stolen corporate data from the security giant Entrust.

The data was snatched on June 18 and was due to be made public on August 19 because Entrust company refused to pay the ransom. But the DDoS attack on LockBit’s leak site made this impossible.

The Ripple Effect of DDoS

LockBitSupp, the public image of the LockBit gang, said that they are now seeking to add DDoS to LockBit’s extortion tactics in addition to encrypting and data leaking.

The distributed denial-of-service attack was seen as an opportunity by the gang, as the triple extortion tactic will allow them to apply more tension on victims to pay a ransom.

“I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting,” said LockBitSupp, according to BleepingComputer.

The ransomware operation has recovered after the fight and announced a wider infrastructure conceived to allow leaks unperturbed by future DDoS attacks. Also, in future attacks, they will use unique links in the ransom notes for the victims.

They also announced an increase in the number of mirrors and duplicate servers, and a plan to increase the availability of stolen data by making it accessible over clearnet, too, via a bulletproof storage service.


What Happened with Entrust Data?

The DDoS attack put only a temporary stop to leaking Entrust data and it. LockBit is now up and running, and was willing to share the Entrust data leak with everyone interested in them. The individuals were encouraged to contact the gang in private.

After this, on August 27, LockBit released a torrent with 343GB of data called “entrust.com”, as was previously promised.

The operators wanted to make sure that Entrust’s data is available from multiple sources and, besides publishing it on their site, they also shared the torrent over at least two file storage services, with one of them no longer making it available.


If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *