LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level.

The gang is actively recruiting new members after its sites were taken offline for days by a distributed denial of service (DDoS) attack.

It has been rumored that the DDoS attack was carried out on behalf of Entrust, blocking access to the information posted on its corporate leaks website.

Entrust is a software company that was breached by the LockBit ransomware group on June 18. LockBit declared that it would release all the stolen material on August 19 if Entrust did not pay the ransom.

Entrust did not pay the ransom and LockBit announced that it would publish all the stolen data on August 19. This did not happen, though, because the gang’s leak site was hit by a DDoS attack believed to be connected to Entrust.

Triple extortion is relatively uncommon, but it was occasionally associated with attacks by the now-shuttered REvil group, which was known to deploy unusual tactics in its campaigns.

The DDoS attack that took place over the weekend temporarily halted the leakage of Entrust data. However, the gang also took the time as an opportunity to investigate the triple extortion strategy they are planning to put further pressure on victims to pay in their ransom attack.

In addition to triple extortion, LockBit also said it would begin including unique and randomized payment links in each ransom note, making it difficult for counter-measures like DDoS attacks to impact the threat actor’s payment site.

They also announced an increase in the number of mirrors and duplicate servers, and a plan to increase the availability of stolen data by making it accessible over the normal web, too, via a bulletproof storage service.

Entrust has not confirmed if it is or isn’t behind the attack on LockBit Ransomware Gang.

Currently, it’s not clear who exactly was responsible for the DDoS attack on the LockBit, whether it was Entrust, or simply a rival threat actor who took advantage of the situation.

LockBit ransomware operation has been active for almost three years, since September 2019. At a moment LockBit data leak site is up and running.

The site has more than 700 listed victims and Entrust is one of them, with data for the company leaked on August 27.