After suffering a taste of their own medicine as part of a response effort from victim organization Entrust, LockBit appears to have bounced back even stronger than before.
The LockBit ransomware gang has lead the way as one of the most prominent ransomware variants seen in attacks in the first quarter of this year. They’ve continued to follow the similar “encryption + data leak” strategy for many months – that is until they attacked and successfully stole data from security vendor Entrust.
According to Bleeping Computer, when the threat of posting the stolen data was made by LockBit, Entrust was involved in a DDos attack against LockBit’s servers to keep the data from being posted. But after recovering, it appears that LockBit is planning on utilizing DDoS as part of an ongoing triple extortion effort moving forward.
This means organizations that are hit by the ransomware variant will not only see operational disruption due to encryption, the threat of data being leaked, but advanced DDoS efforts to make the victim organization’s Internet-facing applications and systems inaccessible, further killing any operations that survive the ransomware attack.
We’ve seen DDoS used before, but it’s the first time LockBit has acknowledge it being a part of their attack plans.
Organizations need to take the repercussions of such attacks seriously, taking all steps necessary – including the addition of Security Awareness Training to enable users to help minimize the phishing attack threat surface – to keep attacks by LockBit (and any cybercriminal gang for that matter) at bay.