Entrust and LockBit Go to War Over the June Cyberattack That Left Entrust Compromised

In July, Entrust, a global leader in identities, payments, and data protection, announced that it suffered a cyberattack. The company discovered that an unauthorized party infiltrated its system on June 18th, accessing parts used for internal operations and stealing data.

According to the company, they “promptly began an investigation with the assistance of a leading third-party cybersecurity firm and have informed law enforcement.” However, they didn’t find immediate evidence that it affected the operation or security of its products and services since they were run in separate environments.

In the same notice that detailed the event, Entrust’s CEO said the company would contact customers if they discovered the security of products and services were compromised. The company found no evidence to suggest the unauthorized access was ongoing.

But it was a serious incident that severely impacted Entrust’s reputation. That is especially so considering the company does business with major customers like Microsoft, the Department of Homeland Security, and the Treasury.

Moreover, while no ransomware gang claimed responsibility at the time of the attack, that changed recently. LockBit, a prominent group of black hat hackers, stepped out and claimed responsibility for the cyberattack against Entrust around a week ago.

LockBit also claimed attacks on Foxconn and Accenture previously. Now, Entrust has been added to that list, evidenced by the group leaking the company’s data on its dark web leak site.

The story doesn’t end there, though. After claiming responsibility and posting the data, the dark web leak site was forced offline by a distributed denial of service (DDoS) attack. And to complicate matters further, the group is accusing Entrust of perpetrating the counterattack.

There is circumstantial evidence to support the group’s claim as well. Azim Shukuhi, a security researcher at Cisco’s Talos, received information regarding the DDoS attack from a LockBit member, with the individual claiming that the site was receiving “400 requests a second from over 1,000 servers.”

While there is no direct evidence, the attacks reportedly started after publication of the data, which came after negotiations between LockBit and Entrust. Moreover, LockBit gave further reason for its suspicions to VX-Underground, pointing toward junk internet traffic that included “DELETE_ENTRUSTCOM_MOTHERFUCKERS.”

The effects of the DDoS attack have continued into this week, preventing the site from operating as normal. In response, a message was placed on the site with a warning about the gang’s plan to put the stolen data on peer-to-peer networks.

As for whether Entrust is involved with the DDoS attacks, that is unknown, with the company not making a statement. However, if Entrust is responsible, it could become an even more serious matter since retaliation hacking against cybercriminals is illegal under US law.

Regardless of who is behind the DDoS attack, it is unlikely that LockBit will back down. The group is on its third incarnation, known as LockBit 3.0, and is currently one of the most active ransomware groups around.

This all comes at a time when cyberattacks are on the rise. While security companies are constantly working on solutions to combat emerging problems, there are always risks. Entrust and others targeted by LockBit and similar groups are just proof of how dangerous the digital world can be.

Spencer Hulse is a news desk editor at Grit Daily News. He covers startups, affiliate, viral, and marketing news.