{
	"id": "53830938-56ff-43a4-87ac-2d496b7a7c64",
	"created_at": "2026-04-06T00:21:04.117508Z",
	"updated_at": "2026-04-10T03:21:32.305738Z",
	"deleted_at": null,
	"sha1_hash": "a3de84c83199ac9dd3b4abf8afb81e55e1f27f43",
	"title": "LockBit ransomware gang gets aggressive with triple-extortion tactic",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3670684,
	"plain_text": "LockBit ransomware gang gets aggressive with triple-extortion tactic\r\nBy Ionut Ilascu\r\nPublished: 2022-08-28 · Archived: 2026-04-05 13:23:42 UTC\r\nLockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and\r\nworking to take the operation to triple extortion level.\r\nThe gang has recently suffered a DDoS attack, allegedly on behalf of digital security giant Entrust, that prevented access to\r\ndata published on its corporate leaks site.\r\nData from Entrust was stolen by LockBit ransomware in an attack on June 18, according to a BleepingComputer source.\r\nThe company confirmed the incident and that data had been stolen.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nEntrust did not pay the ransom and LockBit announced that it would publish all the stolen data on August 19. This did not\r\nhappen, though, because the gang’s leak site was hit by a DDoS attack believed to be connected to Entrust.\r\nLockBit getting into DDoS\r\nEarlier this week, LockBitSupp, the public-facing figure of the LockBit ransomware operation, announced that the group is\r\nback in business with a larger infrastructure to give access to leaks unfazed by DDoS attacks.\r\nThe DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the\r\ntriple extortion tactic to apply more pressure on victims to pay a ransom.\r\nLockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data\r\nand leaking it.\r\n“I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion,\r\nencryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more\r\ninteresting,” LockBitSupp wrote in a post on a hacker forum.\r\nLeaking Entrust data\r\nThe gang also promised to share over torrent 300GB of data stolen from Entrust so “the whole world will know your\r\nsecrets.”\r\nLockBit’s spokesperson said that they would share the Entrust data leak privately with anyone that contacts them before\r\nmaking it available over torrent.\r\nIt appears that LockBit has kept its promise and released this weekend a torrent called “entrust.com” with 343GB of files.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nPage 3 of 6\n\nLockbit ransomware leaks Entrust data\r\nsource: Artie Yamamoto\r\nThe operators wanted to make sure that Entrust's data is available from multiple sources and, besides publishing it on their\r\nsite, they also shared the torrent over at least two file storage services, with one of them no longer making it available.\r\nDDoS defenses\r\nOne method already implemented to prevent further DDoS attacks is to use unique links in the ransom notes for the victims.\r\n“The function of randomization of links in the notes of the locker has already been implemented, each build of the locker\r\nwill have a unique link that the dudoser [DDoSer] will not be able to recognize,” LockBitSupp posted.\r\nThey also announced an increase in the number of mirrors and duplicate servers, and a plan to increase the availability of\r\nstolen data by making it accessible over clearnet, too, via a bulletproof storage service.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nPage 4 of 6\n\nLockbit ransomware changes after suffering DDoS attack\r\nsource: BleepingComputer\r\nAfter publishing this article, BleepingComputer learned that LockBit has made the stolen Entrust data available over\r\nclearnet, on a website that provides files for a limited period.\r\nLockBit shares over clearnet the torrent for stolen Entrust data\r\nsource: BleepingComputer (h/t Phantom Radar)\r\nLockBit ransomware operation has been active for almost three years, since September 2019. At the time of writing,\r\nLockBit’s data leak site is up and running.\r\nThe gang is listing more than 700 victims and Entrust is one of them, with data for the company leaked on August 27.\r\nUpdate [August 29, 09:12]: Article updated with info on Entrust data being shared over clearnet.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nPage 5 of 6\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/"
	],
	"report_names": [
		"lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic"
	],
	"threat_actors": [],
	"ts_created_at": 1775434864,
	"ts_updated_at": 1775791292,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a3de84c83199ac9dd3b4abf8afb81e55e1f27f43.pdf",
		"text": "https://archive.orkl.eu/a3de84c83199ac9dd3b4abf8afb81e55e1f27f43.txt",
		"img": "https://archive.orkl.eu/a3de84c83199ac9dd3b4abf8afb81e55e1f27f43.jpg"
	}
}