The LockBit ransomware operators shut down their dark web data leak site due to a DDoS attack demanding that they delete data stolen in the June ransomware attack against security service provider Entrust.

Last week, LockBit created a dedicated data leak page for Entrust on their website, announcing that they would publish stolen data on the night of August 19. The leak included more than two dozen screenshots of data allegedly stolen from Entrust, such as legal documents, marketing spreadsheets, and accounting data.

However, shortly after the gang started publishing the files reports began to emerge that LockBit’s data leak site got DDoSed. According to security research group VX-Underground who spoke with a LockBit representative, the ransomware gang believes that their Tor data leak websites were attacked by someone connected to Entrust.

“DDoS attack began immediately after the publication of data and negotiations, of course it was them, who else needs it? In addition, in the logs there is an inscription demanding the removal of their data," LockBitSupp confirmed in a conversation with the tech news site BleepingComputer.

Cisco Talos’ Azim Shukuhi reported that the DDoS attack on LockBit's servers consisted of” 400 requests a second from over 1000 servers.” In response to the attack the group said that they plan to release all data stolen from Entrust as a torrent.

The gang also announced that they will employ a more aggressive strategy that would involve triple extortion attack, an extension of the double extortion that seeks to add additional dimension to the threat by targeting the company’s affiliates, clients, or suppliers to put more pressure on the victim organization. The threat actors may also launch a Distributed Denial of Service (DDoS) attack or make phone calls to make the situation more stressful.

Furthermore, LockBit announced that they are recruiting new members to their team.

Currently, it’s not clear who exactly was responsible for the DDoS attack on the LockBit portal, whether it was Entrust, an affiliated cybersecurity company, or simply a rival threat actor who took advantage of the situation.