September 21, 2023

LockBit ransomware group had its leaks site knocked offline in a DDoS attack, and it blames Entrust Corp. for the attack.

The leak site was knocked offline in a DDoS attack and that LockBit had received a message telling it that the attack would stop if it removed data stolen from Entrust.


The attack on Entrust, which counts among its clients Microsoft. and VMware, happened in June and admitted last month. During that time the form of attack was not known and Lockbit group claims the responsibility.

Entrust described the attack as involving an unauthorized party accessing certain systems used for internal operations but not affecting its products in identity and access management, identification and passport issuance, payments, cloud security and data processing.

The timing of the attack appears to be more than a coincidence. LockBit first started leaking stolen data from Entrust on Friday night. The initial leak included 30 screenshots of allegedly stolen data from Entrust, including legal documents, marketing spreadsheets and accounting data.


A screenshot of the attack, showing data packets that included a message to delete the stolen data followed by an expletive.

It has not been disclosed whether a ransom payment was demanded from Entrust, but presuming one was, the decision by LockBit to start publishing the stolen data would indicate that Entrust did not pay the amount requested. 

An attack on cybersecurity company like Entrust, opens the scope of improvement for all sectors. A good cyber hygiene need to be inplace all the time.

Leave a Reply

%d bloggers like this: