The LockBit hacker group broke into the servers of a cyber company, leaked some of the documents on the dark web - and then came the revenge
For the most part, ransomware attacks are pretty standard. The attackers manage to find a way into an organization, steal a lot of information, encrypt it, and then reach a crossroads: either they get paid (the full amount they demanded, or a sum agreed after negotiations) and decrypt the data, or their victims decide not to pay and the information is leaked on a dedicated website. But all this is true when it comes to a normal company, not a security company.
Who is behind the DDoS?
The LockBit hacker group is the developer of one of the world's most popular ransomware strains, which bears its name. How organized and popular the business is can be learned from the fact that LockBit came out with its own Bug Bounty program.
About two months ago, LockBit managed to break into the servers of the American cyber company Entrust, steal valuable internal information and encrypt it. Entrust itself disclosed the hack last month, but did not reveal which group of hackers was responsible. However, at the end of the week, the attacker revealed itself, and on the LockBit leak site on the dark web, files stolen as part of the June attack began to appear.
According to a report by BleepingComputer, about 30 screenshots of documents - including legal documents, accounting documents and Excel files allegedly belonging to Entrust's marketing department - were uploaded to the site.
From the @vxunderground Twitter page
But then something happened that doesn't usually happen. LockBit's dark web leak site went offline last Friday, without warning and without the group of hackers explaining why. Researchers who examined the site began to report that the reason was a Distributed Denial of Service (DDoS) attack carried out against the group's sites.
A group of security researchers called vx-underground tried to understand the story behind the attack, and contacted a user called LockBitSupp - which is the closest thing the group of hackers has to "customer service". According to Supp, the group's website is under attack, and the group believes that the one behind it is its victim - Entrust.
Why do they suspect the cyber company?
Well, it's not very complicated. LockBit shared with the group of researchers screenshots of the attack carried out on the group's websites, in which it can be seen that logs of the requests that bombarded its servers read "DELETE_ENTRUSTCOM_MOTHERFUCKERS" repeatedly. LockBit reported that during the attack its website was bombarded with 400 requests per second and that the attackers sent the requests from over 1,000 different computers throughout the attack.
As a result of the attack that brought down its website, LockBit announced that it would take all the information it managed to steal from Entrust and upload it to the web as a torrent file - which would make preventing the spread of the cyber company's information an extremely difficult task.
Entrust itself, as expected, did not take responsibility for the attack that brought down the hacker group's website.