- The LockBit ransomware group, which has been on a spree this summer, claimed responsibility for the June 18 attack on cybersecurity vendor Entrust.
- The company confirmed last month it was hit by the June attack, but declined to verify that ransomware was involved. It acknowledged some internal system files were stolen during the attack, but said its security products were not impacted.
- LockBit threatened to publish the stolen data Friday at 4:33 p.m. Eastern time, according to a dedicated data leak page it publishes. Brett Callow, threat analyst at Emsisoft, shared a screenshot of the threat on Twitter.
Entrust remains reluctant to share details about the incident, including how it happened and what type of data was stolen. The company did not respond to requests for comment.
The Minneapolis-based cybersecurity vendor has more than 10,000 customers, including federal government agencies, banks, insurance companies, and tech firms such as Microsoft and VMware. Its products span identity and access management, identity verification for IDs and passport issuance, payments, cloud security and data processing.
Company officials last month said the attack only impacted systems used for internal operations. Law enforcement was notified of the attack and an unnamed cybersecurity firm has been hired to help with the investigation, the company said at the time.
Entrust’s products and services “are run in separate, air-gapped environments from our internal systems and are fully operational,” Ken Kadet, VP of public relations and communications, said in a statement last month.
LockBit’s claim and threat to publish stolen data comes two months after the incident, suggesting negotiations regarding a ransom have stalled or yet to fulfill LockBit’s demands.
The prolific ransomware as a service group first appeared in September 2019 and is now on version 3.0 of its ransomware strain and payloads. LockBit has claimed responsibility for hundreds of attacks and Broadcom’s threat hunting team at Symantec recently observed affiliates infiltrating on-premises servers to spread malware on targeted networks.