The notorious LockBit ransomware gang is working on improving its infrastructure and technical capabilities for future campaigns. The group claimed they are improving their defences against distributed Denial-of-Services attacks and preparing their new triple extortion strategy.
They initiated the development of the group’s new defence after it suffered a DDoS attack on its corporate data leak website that restricts its access to other entities. Researchers stated that the DDoS attack was allegedly caused by one of its previous victims, Entrust.
The LockBit ransomware gang can now handle DDoS attacks.
The public-facing figure of the LockBit ransomware gang, dubbed LockBitSupp, announced that their group has been attacking targets again and devised a more extensive infrastructure that could handle DDoS attacks. Additionally, their site can now accommodate public access to view leaked data.
The stolen data from Entrust has been delayed temporarily after the DDoS incident happened. However, the delay resulted in the discovery of triple extortion tactics since the threat actors were given time to think.
Therefore, the LockBit ransomware operators included DDoS in their existing double extortion strategy of robbing the stolen data before encryption.
The malicious group included defences to prevent further DDoS attacks against them by utilising specific links in the ransom notes. Moreover, the operators revealed that they increased their duplicate servers and mirrors. They have also increased the availability of leaked data through Clearnet via bulletproof storage services.
Digital security agency Entrust was targeted by a ransomware campaign a couple of months ago, and the attack was listed on LockBit’s data site last month. The threat group announced they would share about 300 gigabytes of stolen data from Entrust and be willing to give private messages to any interested individual via torrent.
Based on reports, LockBit leaked a torrent coded as entrust[.]com that contains nearly 350GB worth of files.
LockBit ransomware has shown its maturity and development as a potential threat over an extended period. The group have also become more aggressive, with an attitude fit for a sophisticated threat group. Lastly, this group became more threatening to researchers as it added more weapons to its arsenal.