Certificate Giant Entrust Compromised by Ransomware
Digital security giant Entrust has confirmed that it suffered a cyber attack, with threat actors compromising its networks and stealing data from internal systems, according to new reports. Entrust is a security company focused on online trust and identity management, offering a wide range of services including encrypted communications, secure digital payments and identity solutions. Depending on what data was stolen, this attack could impact a large number of critical and sensitive organizations that use Entrust for identity management and authentication. This includes U.S. government agencies such as the Department of Energy, Homeland Security, Treasury, Health and Human Services, Veterans Affairs, Agriculture, and more. The company is now doing its best to carry out data disaster recovery.
Hackers breached Entrust’s network in June
About two weeks ago, a source told us that Entrust was compromised by an intrusion on June 18, when hackers stole company data during the cyberattack.
However, the breach was not publicly confirmed until yesterday, when security researcher Dominic Alvieri tweeted a screenshot of a July 6 security notification sent to Entrust customers.
“I am writing to let you know that on June 18, we learned that an unauthorized party had accessed some of the systems we use for our internal operations. Since that moment, we have worked tirelessly to correct this situation,” Entrust CEO Todd Wilkinson wrote in a security notice.
“The first thing I want to tell you is that while our investigation is still ongoing, we have found no indication to date that this issue has impacted the operation or safety of our products and services.”
The security notice confirms that the data was stolen from Entrust’s internal systems. However, it is unclear if this is purely company data or customer and supplier data.
“We have determined that some documents were obtained from our internal systems. As we continue to investigate this issue, if we learn of information that we believe could affect the security of our products and services for your organization, we will contact you directly.” – Entrust.
On July 22, local time, Entrust told us that they were working with a leading cybersecurity firm and law enforcement to investigate the attack, which did not affect their operations.
“While our investigation is ongoing, to date we have found no indication that the issue has impacted the operation or safety of our products and services, which operate in an air-gapped environment separate from our internal systems and are fully operational,” Entrust said.
Suspected of being attacked by ransomware group
While the security notice and Entrust’s statement to us did not share further details about the attack, we have learned that a well-known ransomware gang was behind the attack.
While it’s not clear whether the devices were encrypted during the attack, ransomware gangs often steal data for use in double extortion schemes before the encryptors are activated.
According to AdvIntel CEO Vitali Kremez, ransomware groups purchased compromised Entrust credentials and used them to compromise their internal networks.
Speaking to us about the attack, Kremez said: “The ransomware group operators involved relied on network access to the seller’s trusted network to gain initial access to the Entrust environment, which resulted in subsequent encryption via known ransomware groups and leak exposure.”
Unless Entrust pays the ransom demand, we may learn about the ransomware operation behind the attack when they publicly release the stolen data.
When we contacted Entrust with questions about the ransomware attack, they told us they were unable to share any further details about the attack.
Entrust data breach may affect global digital trust system
According to Baidu Encyclopedia, Entrust Inc. is a world-leading Canadian cybersecurity high-tech company listed on NASDAQ in the United States. The company was established in 1994 and was formerly the data network security research and development department of Nortel Networks in Canada. The company headquarters is registered in Plano, Texas, USA. Its development centers are located in Ottawa, which is known as the Silicon Valley of the North in Canada, and in Silicon Valley in California, USA. There are branches or offices in the United States, Canada, the United Kingdom, Switzerland, Germany, Japan and China. It was listed on NASDAQ on August 18, 1998 (ticker symbol ENTU).
As a world-renowned CA vendor, Entrust has established a trusted virtual environment around the world, enabling anyone to conduct digital transactions and communications with confidence from anywhere. Its SSL certificates are used by 65% of the world’s top 500 enterprises, account for 75% of the EV SSL market, and are used by the world’s top 40 banks and by 67 of the world’s top 100 e-commerce websites. In total, more than 800,000 websites use Entrust’s SSL certificates to ensure the security of confidential website information.
Entrust provides trust services for websites, software developers and individuals, including the issuance of SSL server certificates specially designed for website authentication and encryption. More than 83% of the world’s top 500 companies use Entrust SSL server certificates. Entrust protects the security of more than 600,000 web servers around the world through strong encryption functions and strict authentication measures. Many well-known websites around the world, including Amazon, Yahoo Shopping, America Online, Google, and Citibank, have installed Entrust’s SSL server certificates to enhance website security. In order to expand its service areas and scope, Entrust has established strategic cooperative relations with American Express, Checkpoint, Microsoft and CISCO. More than 70 digital trust service providers in countries and regions including the United Kingdom, France, Germany, Italy, Australia, Brazil, South Africa, China and Japan have joined Entrust’s Trust Network. “Let more and more people enjoy the convenience of the Internet with peace of mind” is our greatest wish; “Make the Internet more credible” is our goal.
This extortion incident is expected to have worldwide impact. Let’s see how the situation develops! Most businesses regard data backup as insurance against problems. In the modern world, it should also be treated as a strategic advantage. Enterprise backup files are the target of more and more ransomware. The data backup and recovery service introduced by Vinchin is a final line of defense to help businesses keep their data safe.