LockBit ransomware operators claim data theft from PayBito affecting more than 100,000 clients

The operators of the LockBit ransomware threaten to release PayBito exchange client data publicly. Security Affairs reports.

On a site on the Tor network, hackers said they had managed to steal the trading platform’s database containing the personal information of more than 100,000 clients.

The database allegedly contains hashes of email addresses and passwords that can be easily decrypted due to the use of a ‘weak hashing algorithm’. The extortionists also claim to have obtained the exchange’s administrators’ personal data.

If PayBito does not pay the ransom by February 21, 2022, LockBit promises to publish the stolen data on its site.

The Bitcoin ransomware is targeted at companies and business users. The activity of the early variant of the ransomware occurred in mid-October 2019.

LockBit spreads through compromising unsecured remote desktop configurations, phishing emails with malicious attachments, botnets, exploits, malvertising, code injection, fake updates and infected installers.

On infecting the victim’s computer, LockBit deletes shadow copies, disables Windows restore and patching at boot, and clears the operating system logs.

Earlier in January, the LockBit operators posted in the public domain data of users of the UK-based cryptocurrency exchange BTC-Alpha with Ukrainian roots. In a ForkLog interview, representatives of the exchange confirmed the leak, noting that the database dump only partially contains reliable information about users. The rest of the data, they say, were altered by hackers.