LockBit ransomware affiliates are tricking people into infecting their devices by disguising their malware as copyright claims.
Recipients of these emails are warned of copyright infringement because they allegedly used media files without a copyright license. The emails demand that recipients remove the copyrighted content from their websites or face legal action.
The emails, spotted by analysts at AhnLab, Korea, do not specify in the body which files were unfairly used and instead tell the recipient to download and open the attached file to see the contents of the violation.
The attachment is a password-protected ZIP archive that contains a compressed file, which in turn holds an executable disguised as a PDF document that is in reality an NSIS installer.
The reason for this wrapping and password protection is to avoid detection by email security tools.
If the victim opens the alleged “PDF” to find out which images are being used illegally, the malware will load and encrypt the device with LockBit 2.0 ransomware.
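The layering described above (an encrypted ZIP, an archive nested inside it, and an executable posing as a PDF) leaves traces a mail gateway or analyst can check without the password. The following is an added example, not code from AhnLab or the original article; the file names and sample bytes are constructed, and the `NullsoftInst` check relies on the marker string present in NSIS installer headers.

```python
import io
import zipfile

ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".gz")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def triage_zip(data: bytes) -> list[str]:
    """Inspect ZIP metadata only; entry names are readable without the password."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.flag_bits & 0x1:  # general-purpose flag bit 0: entry is encrypted
                findings.append(f"encrypted:{info.filename}")
            if name.endswith(ARCHIVE_EXTS):
                findings.append(f"nested-archive:{info.filename}")
            if name.endswith(EXEC_EXTS):
                findings.append(f"executable:{info.filename}")
    return findings

def classify_payload(name: str, data: bytes) -> list[str]:
    """Compare what an extracted file claims to be with what its bytes say."""
    findings = []
    is_pe = data[:2] == b"MZ"                # DOS/PE header
    if is_pe and ".pdf" in name.lower():
        findings.append("pe-named-like-pdf")
    elif is_pe:
        findings.append("pe-executable")
    if is_pe and b"NullsoftInst" in data:    # marker string in the NSIS header
        findings.append("nsis-installer")
    return findings

def build_sample() -> bytes:
    """Constructed sample: a ZIP holding one nested archive, flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.zip", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")             # central directory file header
    raw[cd + 8] |= 0x01                      # set the encryption flag bit
    return bytes(raw)

if __name__ == "__main__":
    print(triage_zip(build_sample()))
    # Constructed payload bytes: PE magic followed by the NSIS marker.
    print(classify_payload("infringing_images.pdf.exe",
                           b"MZ" + b"\x00" * 64 + b"\xef\xbe\xad\xdeNullsoftInst"))
```

An encrypted attachment that wraps another archive is a reasonable condition for quarantine or sandbox detonation, since the inner content cannot be scanned in transit.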
Copyright claims and malware
While the use of copyright infringement claims is interesting, it is neither new nor exclusive to LockBit members, as many malware distribution campaigns use the same bait.
Bumblebee is used to deliver second-stage payloads, including ransomware, so opening one of these files on your computer can lead to quick and catastrophic attacks.
Copyright claims are a matter that content publishers should take seriously, but if the claim is not straightforward and instead requires you to open attached files to see the details of the infringement, it is unlikely to be a genuine takedown notice.
LockBit on top
According to the NCC Group Pulse Threat Report for May 2022, released today, LockBit 2.0 accounted for 40% of all (236) ransomware attacks reported in the month.
The infamous ransomware operation recorded an incredible 95 victims in May alone, while Conti, Black Basta, Hive and BlackCat together had 65.
This continues the trend seen by Intel 471, which put LockBit 2.0 at the top of the most prolific ransomware operations in the fourth quarter of 2021, and further cements the group as one of the most widespread threats.