LockBit ransomware group published passports scans & bank details of 182k people

The skyline company was recently the victim of a ransomware attack by LockBit, a group that resorted to leaking compromised information to pressure its victims. Finally, it has been revealed that the data of this company have been exposed in dark web forums.  

In total, 182,719 files were published, equivalent to more than 40 GB of information. The database exposed includes passport scans, forms and financial details (full credit card numbers).

La imagen tiene un atributo ALT vacío; su nombre de archivo es lockbit01.jpg

LockBit is a group of ransomware that usually attacks large companies and individuals on commercial sites. A first variant of encryption malware was detected in 2019 attacking multiple users in English-speaking countries; by January 2020, cases of infection had already been detected in the United States, Australia, France and even China.

Usually, the hackers behind this variant of ransomware resort to abuse of unsafe remote desktop configurations, sending phishing emails with malicious attachments, botnets, exploiting vulnerabilities, injecting code AND fake updates or installers.

Regarding the capabilities of the ransomware once installed, LockBit can evade any access control on user accounts. Once on the victim’s computer, LockBit deletes snapshots of the files, disables Windows repair and repair functions at boot time, and clears the operating system logs.

Although ransomware is one of the most popular security threats and companies try to take more and better security measures, these attacks remain highly effective, so it is advisable to stay safe from infection.