Dive Brief:
- The LockBit ransomware group, which has been on a spree this summer, claimed responsibility for the June 18 attack on cybersecurity vendor Entrust.
- The company confirmed last month it was hit by the June attack, but declined to verify that ransomware was involved. It acknowledged some internal system files were stolen during the attack, but said its security products were not impacted.
- LockBit threatened to publish the stolen data Friday at 4:33 p.m. Eastern time, according to a dedicated data leak page it publishes. Brett Callow, threat analyst at Emsisoft, shared a screenshot of the threat on Twitter.
Dive Insight:
Entrust remains reluctant to share details about the incident, including how it happened and what type of data was stolen. The company did not respond to requests for comment.
The Minneapolis-based cybersecurity vendor has more than 10,000 customers, including federal government agencies, banks, insurance companies, and tech firms such as Microsoft and VMware. Its products span identity and access management, identity verification for IDs and passport issuance, payments, cloud security and data processing.
Company officials last month said the attack only impacted systems used for internal operations. Law enforcement was notified of the attack and an unnamed cybersecurity firm has been hired to help with the investigation, the company said at the time.
Entrust’s products and services “are run in separate, air-gapped environments from our internal systems and are fully operational,” Ken Kadet, VP of public relations and communications, said in a statement last month.
LockBit’s claim and threat to publish stolen data come two months after the incident, suggesting negotiations regarding a ransom have stalled or have yet to fulfill LockBit’s demands.
The prolific ransomware-as-a-service group first appeared in September 2019 and is now on version 3.0 of its ransomware strain and payloads. LockBit has claimed responsibility for hundreds of attacks, and Broadcom’s threat hunting team at Symantec recently observed affiliates infiltrating on-premises servers to spread malware on targeted networks.