In an unexpected turn of events, a ransomware operator has found itself on the receiving end of a distributed denial of service (DDoS) attack, all because it tried to leak stolen data.
According to a BleepingComputer report, the LockBit group breached the servers of Entrust, an identity, payment, and data protection service provider, late last month.
The group deployed ransomware to Entrust’s servers, demanded an $8 million payout and stole files including legal documents, marketing spreadsheets, and accounting data.
After the negotiation between the group and the company broke down, LockBit publicly took responsibility for the attack, and last Friday decided to leak the stolen data. At that time, the Tor data leak site was brought offline by a DDoS attack powered by more than 1,000 servers, with LockBit laying the blame on Entrust.
Who is behind the attack?
"Ddos (sic) attack began immediately after the publication of data and negotiations, of course it was them, who else needs it? In addition, in the logs there is an inscription demanding the removal of their data," LockBitSupp told BleepingComputer.
While it's possible Entrust may be behind the attack, this would likely be the first time a legitimate company used illegal means to force a ransomware operator into compliance.
The attack could also have originated with another malware or ransomware group which, for whatever reason, would benefit from LockBit removing Entrust’s data, or perhaps even the US government, security researcher Dominic Alvieri told BleepingComputer.
Whoever the culprit is, the attack is not stopping LockBit just yet. The group says it intends to upload the data as a torrent, which would make it almost impossible to take down.
TechRadar Pro has asked Entrust for comment, but has not yet received a response.