LockBit ransomware group is claiming to be working on enhancing its technical capabilities and infrastructure. This includes improvement in its defenses against DDoS attacks, as well as preparing for new triple extortion tactics.

What happened?

The LockBit ransomware group had recently suffered a DDoS attack on its corporate data leak site, restricting its access to others. The attack was possibly on behalf of one of its latest victims, Entrust.
  • LockBitSupp, the public-facing figure of the LockBit group, announced that the group is active again and has come up with a larger infrastructure capacity to handle the DDoS attack and allow public access to leaked data.
  • The DDoS attack temporarily stopped the leak of Entrust’s data but it triggered hackers to come up with a triple extortion tactic.
  • Hence, ransomware operators added DDoS to its already existing double extortion tactic of stealing the stolen data before encrypting it.

New defense system in place

  • The group implemented defenses to prevent further DDoS attacks by using unique links in the ransom notes. 
  • Further, the operators announced an increase in duplicate servers and mirrors and an increase in the availability of stolen data by using Clearnet via a bulletproof storage service.

The backstory 

Digital security giant Entrust was targeted by a ransomware attack in July and listed on Lockbit’s leak site by mid-August.
  • The group promised to share 300GB of data stolen from Entrust and also offered to share the data privately with anyone who contacted it before releasing data over the torrent.
  • As per reports, LockBit released a torrent named entrust[.]com with 343GB of files and shared the torrent over two file storage services, with one being no longer available.


Lockbit ransomware has matured as a potential threat over the period. Its recent announcements by the ransomware groups indicate their aggressive, never-back-down attitude. With newly added tactics, such as the use of triple extortion methods, challenges for the cybersecurity experts and community will only pile up.
Cyware Publisher