LockBit Claims Responsibility for Entrust Ransomware Attack

MakeUseOf

By Katie Rees

Published Aug 19, 2022

LockBit operators have taken responsibility for the ransomware attack on digital security company Entrust.

Entrust Logo Credit: ™/®Entrust, Corp./Wikimedia Commons

The June attack of security company Entrust has now been claimed by LockBit, a prominent Ransomware-as-a-Service (RaaS) group.

LockBit Finally Claims Entrust Attack Two Months After Its Occurrence

On June 18th, 2022, security solutions firm Entrust suffered a severe ransomware attack. In this attack, a significant swathe of data was stolen from Entrust's internal systems that contained customer information.

Entrust focuses on providing hardware and software security solutions to its clientele. The company deals heavily in online trust and identity management, allowing its customers to use their tools to stay safe in the digital realm.

In August 2022, security researcher Dominic Alvieri told the Bleeping Computer publication that LockBit operators had created a page on their website with a countdown timer for the release of the stolen Entrust files.

Alvieri also confirmed in a recent tweet that LockBit had claimed the attack, and stated that LockBit was set to release the data on August 19th.

It is not known exactly what kind of data was retrieved by the LockBit operators during the attack, as Entrust has not disclosed this information. It is also thought that Entrust has not yet engaged or negotiated with the malicious party who stole the data.

Entrust Took Some Time to Acknowledge the Attack

It wasn't until July 2022 that Entrust finally acknowledged the June attack, though the company remained tight-lipped on the situation. In an official statement shown in the tweet below by Dominic Alvieri, Entrust stated that an "unauthorized party" had gained access to certain information within its internal systems.

Entrust claimed in the same statement that, at the time of writing, none of the services offered by the company had been compromised as a result of the attack.

LockBit Ransomware Continues to Pose a Threat

In recent years, LockBit has become one of the most prevalent Ransomware-as-a-Service groups in the world, alongside other prominent criminal entities like DarkSide and Conti.

The LockBit ransomware family is now on its third iteration, known as LockBit 3.0. This ransomware has already been used to deploy Cobalt Strike beacons on Widows and VMWare systems, putting users around the world at risk. It is not yet known to what extent LockBit 3.0 will continue to be used to attack individuals and organizations alike.

Ransomware Attacks Are Still on the Rise

As Ransomware-as-a-Service groups become increasingly powerful, more malicious parties have the ability to carry out their own attacks on unsuspecting victims. With big organizations often being targeted by these illicit actors, we may see a continued string of large-scale data breaches and leaks as a result of ransomware attacks in the near future.