LockBit 2.0 ransomware affiliates are reportedly using an unusual scheme to get victims to infect their own machines: camouflaging the malware as a copyright claim. The new campaign was noticed by analysts at AhnLab, Korea, who exposed the attackers disguising malware as copyright claims.
How does the disguise work?
The malware in question is the LockBit 2.0 ransomware, which encrypts the infected devices before the attackers eventually demand payment. The copyright claim emails allege that the recipients are using media files without the creator's license. The recipients are told to remove the infringing content from their websites or face legal action.
The victims receive an attachment, a password-protected ZIP archive, which in turn contains an executable disguised as a PDF document that is in fact an NSIS installer. The archive and its password protection are there to avoid detection by email security tools. When the recipient opens the infected "PDF" to find out which images are subject to the copyright claim, the malware loads and encrypts the device with the LockBit 2.0 ransomware.
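A mail-gateway style triage of such an attachment, as an added example that is not taken from the AhnLab report: it flags encrypted ZIP entries, executables carrying a document-style name, and the NSIS installer header when the content can be read. The extension lists, finding labels, and function names are assumptions chosen for illustration; candidate passwords would come from the email body.

```python
import io
import zipfile
import zlib

EXEC_EXT = (".exe", ".scr", ".com", ".pif")   # extensions that launch code on Windows
DOC_WORDS = (".pdf", ".doc", ".jpg", ".png")   # document/image hints used as a lure
# NSIS first-header magic: 0xDEADBEEF little-endian followed by "NullsoftInst"
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
SNIFF_BYTES = 1 << 20                          # how much of each entry to inspect

def sniff(zf, info, passwords):
    """Return the first SNIFF_BYTES of an entry, or None if it cannot be decrypted."""
    for pwd in passwords or (None,):
        try:
            with zf.open(info, pwd=pwd.encode() if pwd else None) as fh:
                return fh.read(SNIFF_BYTES)
        except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
            continue   # wrong/missing password or unsupported (AES) encryption
    return None

def triage_zip(data, passwords=()):
    """Return {entry name: set of findings} for a ZIP attachment given as bytes."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            found = set()
            name = info.filename.lower()
            if info.flag_bits & 0x1:                 # general-purpose bit 0: encrypted
                found.add("encrypted")
            if name.rstrip().endswith(EXEC_EXT):
                found.add("executable-extension")
                if any(w in name for w in DOC_WORDS):
                    found.add("document-lure-name")
            head = sniff(zf, info, passwords)
            if head is None:
                found.add("content-not-inspected")   # treat as unscanned, not as clean
            elif head[:2] == b"MZ":                  # PE file regardless of its name
                found.add("pe-header")
                if NSIS_MAGIC in head:
                    found.add("nsis-installer")
            if found:
                report[info.filename] = found
    return report

if __name__ == "__main__":   # constructed sample: an unencrypted ZIP built in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("claim images.pdf.exe", b"MZ" + NSIS_MAGIC)
    print(triage_zip(buf.getvalue()))
```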
Many malware distribution campaigns use the same techniques, so this is not unique to the LockBit group. According to NCC's "Threat Pulse May 2022" report, LockBit 2.0 continued its dominance as a threat actor, accounting for 40% of attacks in May.
The top sectors targeted in May were industrial, making up some 31% of ransomware attacks, followed by consumer cyclical (22%) and technology (12%). The report also stated that the number of ransomware attacks fell in May. In total, it found 236 attacks in May, an 18% decrease from the 289 attacks in April. The decrease may be a result of Russia-based Conti's retreat from the ransomware scene, as well as its cooperation with smaller groups including Black Basta and Hive.
LockBit 2.0 has established itself as the most creative threat actor of 2022. Businesses must familiarise themselves with its campaigns, techniques, and procedures. This will give them a better understanding of how to shield themselves against the attack and of the most effective security measures to apply.