LockBit ransomware operators published stolen data of US residents

LockBit ransomware operators published online a portion of data stolen from Skyline, an American company that organises trade shows. This is reported by the Telegram channel ‘Information Leaks’.

In total, 182,719 files, totalling 42.9 GB, were published. They contain scans of passports and completed forms with full bank-card details.

LockBit ransomware targets companies and business users. An early variant of the malware was active in mid-October 2019. It is aimed at English-speaking users, which does not prevent its spread worldwide. In January 2020, residents of the United States, Germany, France and China were affected by its attacks.

LockBit spreads via breaches of unprotected remote desktop configurations, phishing spam with malicious attachments, botnets, exploits, malvertising, code injection, fake updates and infected installers.

The ransomware can bypass user account controls.

On infecting a victim’s computer, LockBit deletes shadow copies, disables Windows recovery and patching features at boot, and clears the operating system logs.

Earlier, Group-IB said that ransomware disappeared from the top threats by the end of the first half of 2020 – accounting for only 1% of all hacker attacks.

Follow ForkLog news on Telegram: ForkLog Feed — all the news, ForkLog — the most important news and polls.