The intrusion against Entrust, a leading provider of digital security, in June has been blamed on the LockBit ransomware group. A ransomware attack was launched against Entrust on June 18, 2022. Entrust started informing customers about their intrusion in early June, during which data was taken from internal systems.
“We have determined that some files were taken from our internal systems,” Entrust said in a security alert to customers. “As we continue to investigate the issue, we will contact you directly if we learn information that we believe would affect the security of the products and services we provide to your organization.”
Entrust stated that they were looking into the situation but did not provide any other information about the incident or confirm if it was ransomware. The security giant didn’t discover any evidence that the incident had impacted the performance or security of their products and services, which are fully operational and run in distinct, air-gapped environments from their internal systems.
But according to Vitali Kremez, CEO of AdvIntel, a well-known ransomware gang hit Entrust after paying “network access sellers” for access to the corporate network. Dominic Alvieri, a security expert, said that LockBit had set up a specific data leak page for Entrust on their website and announced that they would release all of the stolen information very soon.
Ransomware gangs typically release data gradually so the victim would return to the negotiating table when they publish it on their data leak sites. LockBit’s declaration that they will reveal all data suggests that Entrust has not engaged in negotiations with the ransomware operation or is unwilling to comply with its demands.
Entrust was contacted for more confirmation of the LockBit attack, but at this moment, no response has been received. LockBit’s assertion of the attack, however, confirms what insiders have already said about who was to blame. With its public-facing operation, “LockBitSupp,” openly interacting with threat actors and cybersecurity experts, LockBit is now regarded as one of the most active ransomware operations.
With new encryptors based on the BlackMatter source code, new payment methods, new extortion techniques, and the first ransomware bug bounty program, LockBit 3.0 was introduced in June. It is crucial for security and network specialists to keep current on the growth of the operation and its TTPs because of its constant adoption of new strategies, technologies, and payment methods.