Starting in early June, Entrust had begun to tell customers that they suffered a cyberattack where data was stolen from internal systems.
“We have determined that some files were taken from our internal systems,” Entrust shared in a security notification to customers.
“As we continue to investigate the issue, we will contact you directly if we learn information that we believe would affect the security of the products and services we provide to your organization.”
While Entrust would not share any details regarding the attack or confirm if it was ransomware, they told BleepingComputer that they were investigating the incident.
“While our investigation is ongoing, we have found no indication to date that the issue has affected the operation or security of our products and services, which are run in separate, air-gapped environments from our internal systems and are fully operational,” Entrust told BleepingComputer.
However, AdvIntel CEO Vitali Kremez told BleepingComputer at the time that a well-known ransomware gang had attacked Entrust after purchasing access to the corporate network through “network access sellers.”
LockBit claims attack on Entrust
Today, security researcher Dominic Alvieri told BleepingComputer that LockBit had created a dedicated data leak page for Entrust on their website, stating that they would publish all of the stolen data tomorrow evening.
When ransomware gangs publish data on their data leak sites, they usually leak data over time to scare the victim into returning to the negotiation table.
As LockBit states that they will publish all data, it indicates that Entrust has not negotiated with the ransomware operation or refuses to give in to their demands.
BleepingComputer has reached out to Entrust for further confirmation on the LockBit attack but has not heard back at this time.
However, LockBit claiming of the attack supports what sources had previously told BleepingComputer about who was responsible.
LockBit is considered one of the most active ransomware operations at this time, with its public-facing operation ‘LockBitSupp’ actively engaging with threat actors and cybersecurity researchers.
Due to its ongoing adoption of new tactics, technology, and payment methods, it is vital for security and network professionals to stay up to date on the evolution of the operation and its TTPs.