The attacker becomes the hunted: the Lockbit group copied and leaked internal data from the security company, their servers succumbed to DDoS .

It is now clear that the people behind the Lockbit ransomware are behind attacks on the US IT security service provider . In order to increase the pressure to pay the ransom, the attackers published copied internals on the Internet. But now the leaking server has been paralyzed by DDoS attacks. It is not yet clear who is behind it.

clear message

Security researchers from vx-underground, among others, report on this on Twitter. The DDoS attacks are said to come from more than 1000 servers and have 400 requests per second. The Lockbit servers in the Tor network could not withstand this onslaught and the leaked company information went offline.

The attacks are said to have started shortly after the data was posted online. According to the researchers, the attacks were accompanied by the message: “ DELETE_ENTRUSTCOM_MOTHERFUCKERS “. The connection to the Entrust incident is therefore obvious.

Lockbit suspects that the security company is behind the attacks to prevent the internal data from being published. However, it could also be a competing ransomware gang. So far, however, there is no evidence for either assumption.

As a countermeasure, Lockbit has now announced that it will circulate the internals as a torrent. This would make removing the data from the Internet almost impossible. The case reportedly involves an $8 million ransom. It is now said to have been reduced to $6.8 million.

Unauthorized Access

According to the Entrust report, the attackers are said to have gained access to internal systems on June 18th. On July 6, the service provider made the incident public and admitted that there was successful access to internal data.