The cyberattack on Entrust – a digital security company back in June this year – is confirmed to be a ransomware attack by the LockBit gang.
This comes from a security researcher who spotted a dedicated data leak site for exposing the stolen data of Entrust by the LockBit gang. They warned that the entire data will be leaked by today evening, hinting at failed negotiations or no response from Entrust over ransom demands.
Ransomware Attack on Entrust
In June this year, Entrust – a digital security giant, disclosed a cyberattack where a part of its data was stolen from its internal systems. In a notification shared with its customers, Entrust said they’re investigating the issue and will revert with more information.
Entrust security incident dated June 18th.
Entrust blog still down on your left and official statement on your right.
No one seen taking credit to date.@Entrust_Corp #cybersecurity #infosec @Cyberknow20 @GossiTheDog @campuscodi @vxunderground @FBI pic.twitter.com/m54y0x1CIJ
— Dominic Alvieri (@AlvieriD) July 21, 2022
A month later, BleepingComputer claimed it was a ransomware attack on Entrust, citing Vitali Kremez, who noted several other sources to support his claim. When asked for confirmation, Entrust said none of their operations or the security of products and services were affected and skipped the ransomware question altogether.
But now, a security researcher named Dominic Alvieri confirmed to BleepingComputer that it was LockBit who attacked Entrust back in the day – pointing at a dark website dedicated to leaking the stolen files from Entrust.
On its page, the LockBit gang made a countdown to today’s evening for publishing all the Entrust data. This makes us believe that either Entrust has not responded to LockBit’s ransom demand or ignored a deal after failed negotiations.
Ransomware operators often leak the stolen data in bundles over time. This is to force the victim to restart negotiations again and stop their data from leaking. Well, we shall see what LockBit has got from Entrust and validate how sensitive it is.
LockBit is one of the most active ransomware operations currently, with a hit list of prominent companies and initiatives like ‘LockBitSupp‘ to actively engage with threat actors and cybersecurity researchers and run a ransomware bug bounty program – the first of its kind in this space.