Group ransomware attack by victim – Digi.no

In July, cybersecurity firm Entrust announced that data had been stolen. Last week, ransomware group LockBit claimed responsibility for the attack and began leaking files on the online leak site. Shortly after the leaks were announced, LockBit was attacked with a denial of service Writes Bleeping Computer.

Bleeping Computer spoke to LockBit support who told the site that the attack started right after the Entrust files were published.

– The DDoS attack started right after the data was published and negotiations, of course they are, who needs it too? At the same time, there is also text in the log that requires us to remove the data, LockBitSupp wrote to Bleeping Copmuter.

Security researchers from the VX-Underground group gained access to logs that clearly show the text “DELETE_ENTRUSTCOM_MOTHERFUCKERS”, a clear message that Entrust files should be deleted.

Not the first time

This is not the first time that LockBit has been subjected to a denial of service attack from the victim. LockBitSupp, a spokesperson for the group, told Bleeping Computer that Accenture has also tried this in the past

Previous people who have done this are Accenture, but they weren’t so good at it, Entrust was a more successful attack, says the ransomware group.

Entrust has not commented on the attack, and no one has claimed responsibility. Security experts are not sure if security firm Entrust is behind the LockBit counterattack. Azim Shkohi, CTI Security Analyst for Talos, wrote on Twitter that LockBit competitors may be imitating Entrust.

Do we have evidence that a cybersecurity company is carrying out a DDoS attack? It would be very unusual and in a way a paradigm shift. There may be competitors or someone who has an antagonistic relationship with those at the top among those in the ransomware-as-a-service world.