This comes after LockBit's leak site was DDoS attacked by Entrust, after the gang threatened to leak the company's stolen data last week. Though LockBit managed to leak the data by other means, it is now adding DDoS as an additional extortion vector, having realized its effect.
Triple Extortion Attack in Ransomware
Most ransomware groups currently pressure victims to pay through what is called the double extortion method, where they encrypt victims' systems and threaten to leak the stolen data until the ransom is paid. While this is successful to an extent, LockBit is extending it with yet another means: DDoS. A Distributed Denial of Service attack is a continuous flood of requests aimed at a certain website, hitting it until it runs out of capacity and becomes unusable. This has been used by many threat actors in the past and worked successfully.
Entrust, the digital security giant, has also reportedly performed DDoS against LockBit, after the ransomware gang threatened to leak Entrust's data last week. Though LockBit failed to leak it on time, it did so anyway by other means. The ransomware group has shared the Entrust data as torrents and even hosted it on multiple data hosting platforms to make it accessible from several sources. And this worked, as a few security researchers who downloaded the torrent verified it as legitimate.
Having realized how Entrust was able to choke the leak sites, LockBit has now decided to add this to its arsenal of extortion strategies. Bringing the count to three, LockBit adds DDoS on top of data leak threats and encryption of the victim's infrastructure. For that, the ransomware group is hiring experts on a hacker forum.
Further, to defend against potential DDoS attacks on its own infrastructure, LockBit has implemented unique links in the ransom notes and in "each build of the locker," so that a DDoS attacker will not be able to recognise them. It is also increasing the number of mirrors and duplicate servers, and increasing the availability of stolen data by making it accessible over the surface internet through bulletproof storage services.