Entrust data breach acknowledged by LockBit ransomware group
The LockBit ransomware group, known for its prolific ransomware-as-a-service operation, has claimed responsibility for the attack on cybersecurity vendor Entrust, which occurred on June 18. The group made the claim and threatened to publish data stolen from Entrust two months after the incident, suggesting that ransom negotiations have stalled or failed to meet LockBit's demands.
LockBit is currently operating on version 3.0 of its ransomware strain and payloads. The group first appeared in September 2019 and has since claimed responsibility for hundreds of attacks. A cybersecurity firm has been hired to help investigate the attack on Entrust; the firm is not named.
Law enforcement was notified of the attack, and a screenshot of the threat from LockBit was shared by Brett Callow, threat analyst at Emsisoft, on Twitter. Entrust confirmed the attack but did not verify that ransomware was involved. The company stated that the attack only impacted systems used for internal operations.
Entrust's internal systems were impacted, and some internal system files were stolen during the attack. However, the company's products and services, which span identity and access management, identity verification for IDs and passport issuance, payments, cloud security, and data processing, are run in separate, air-gapped environments and are fully operational.
Broadcom's threat hunting team at Symantec recently observed affiliates of LockBit infiltrating on-premises servers to spread malware on targeted networks. Entrust, a Minneapolis-based company with over 10,000 customers including federal government agencies, banks, insurance companies, and tech firms such as Microsoft and VMware, has not shared details about the incident, including how it happened and what type of data was stolen.
Despite the ongoing investigation, Entrust has emphasised that its products and services remain secure and operational. The company is working diligently to resolve the issue and restore its internal systems to full functionality. As the situation develops, more information is expected to be released.