In June 2022, BleepingComputer broke the story about the security giant Entrust being a victim of a ransomware attack. At the time of the original story, the threat group behind the attack was unknown. In early June, Entrust released a statement saying it was aware of the attack and would alert customers whose data was believed to have been compromised. The attack was the result of a threat group purchasing access to the network through the Darknet.
On August 18th, security researcher Dominic Alvieri reached out to BleepingComputer to alert them that LockBit had set up a data leak page for Entrust on its leak site and that the stolen files were set to be released before the weekend if Entrust did not pay the ransom.
Ransomware threat groups have used leak sites for the past couple of years to try to force victims into paying a ransom by threatening to publish the stolen data for anyone to view. Entrust customers should be on the lookout for any communications from the company pertaining to this attack. Binary Defense’s Counterintelligence team offers monitoring for companies on the Clearnet and Darknet and strives to identify any information being posted, including posts that offer access to a company. By utilizing services like this, organizations can get ahead of threat actors selling access to their network and take the proper precautions to avoid the information being sold, or can work to block the unauthorized access.