Months after the ransomware attack on the digital security firm Entrust, the notorious threat group LockBit has claimed responsibility for it, threatening to leak the data stolen from the firm on its dedicated leak website.
The attack on June 18th this year drove Entrust to notify all of its customers, underlining that data had been stolen from its internal systems. The security firm also assured the affected customers and partners that it would share more details as it learned more from the investigation.
At that time, Entrust had not disclosed whether a ransomware group had launched the attack on them. However, security researchers believe their systems were hacked by a ransomware group that bought access to a ‘network access’ vendor on the dark web.
LockBit's recently discovered data leak page was dedicated to Entrust; on it, the ransomware group threatened to publish all of the stolen data soon.
Ransomware groups typically leak a victim's stolen data only if the victim fails to cooperate in negotiations. In this case, the experts believe that the security firm may have declined to pay the ransom demanded by the threat group, prompting the group to publish the data soon.
Moreover, now that LockBit has claimed the attack on Entrust, the researchers' suspicions over the past months have been proven correct.
On the evening of August 19th, the ransomware group began leaking the stolen data from Entrust. LockBit first shared some screenshots to show that it was determined to follow through on its plans to publish the data. As researchers continued to monitor the leak, they discovered that it contained accounting and legal documents and marketing spreadsheets.
Strangely, a little while after LockBit began leaking Entrust's allegedly stolen data, the threat group claimed that its Tor website was suffering from a DDoS attack that had taken it offline. There are currently no further updates from the affected security firm or the ransomware group.
Since LockBit remains one of the most active ransomware groups in the wild, security researchers continue to monitor its activities, along with its rapid adoption of new TTPs in its cyberattacks.