Fake Copyright Emails Used to Deploy LockBit Ransomware
LockBit Ransomware Affiliates Are Using Social Engineering to Propagate the Malware.
LockBit is ransomware: malicious software designed to block users' access to computer systems until a ransom is paid.
LockBit automatically scans a network for lucrative targets, then propagates across it and encrypts any computer systems it can reach. It is used in highly targeted attacks against companies and other organizations.
Affiliates of the LockBit ransomware are deceiving individuals into infecting their own devices by disguising the malware as copyright claims. This tactic is a form of social engineering.
Social engineering is a term that first emerged in social sciences, somewhat akin to the direct intervention of scientists on human society. The term ‘social engineer’ was first coined in 1894 by Van Marken, in order to highlight the idea that for handling human problems, professionals were needed. Just like you can’t solve technical issues without the proper skills training, you can’t solve social issues without similar skills.
The emails warn recipients of a possible copyright breach, alleging that they used media files without the permission of the original author. Recipients are threatened with legal action if they do not remove the allegedly infringing content from their websites.
As BleepingComputer reports, the emails, which were discovered by researchers at AhnLab in Korea, do not identify which files were inappropriately utilized in the body of the message; rather, they instruct the receiver to download and open the attached file in order to see the infringing material.
The attachment is a password-protected ZIP file that contains another compressed file. That compressed file contains an executable that appears to be a PDF document but is really an NSIS installer.
The purpose of this wrapping and password protection is to conceal malicious code from email security technologies so that it may be downloaded undetected.
The LockBit 2.0 ransomware will run on the device and begin encrypting data as soon as the victim downloads the phony “PDF” that claims to provide information on what photos are being used without permission.
Although the use of copyright infringement accusations is noteworthy, it is neither new nor exclusive to LockBit affiliates: many other malware distribution campaigns use the same bait.
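The attachment layering described above (password-protected ZIP, inner compressed file, executable posing as a PDF) can be triaged at a mail gateway without knowing the password. The sketch below is an added example, not code from AhnLab, BleepingComputer or Heimdal; the function names, extension lists, sample file names and the ".pdf in the file name" heuristic are assumptions made for illustration.

```python
import io
import zipfile

# Assumed extension lists for this sketch; extend them for your environment.
ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".gz", ".iso")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def triage_zip(data: bytes) -> list[str]:
    """List reasons a ZIP attachment deserves review, without its password."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # With classic ZIP encryption the central directory (names, flags)
        # stays readable even though the entry contents are not.
        for info in zf.infolist():
            name = info.filename.lower()
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append(f"encrypted entry (unscannable): {info.filename}")
            if name.endswith(ARCHIVE_EXTS):
                findings.append(f"nested archive: {info.filename}")
            if name.endswith(EXEC_EXTS):
                findings.append(f"executable entry: {info.filename}")
    return findings

def is_disguised_exe(filename: str, head: bytes) -> bool:
    """True when a file whose name suggests a PDF starts with a PE 'MZ' header."""
    return ".pdf" in filename.lower() and head[:2] == b"MZ"

def build_sample() -> bytes:
    """Constructed sample: a ZIP holding an inner archive, flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("copyright_notice.zip", b"constructed placeholder, not a real archive")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")  # first central directory file header
    raw[cd + 8] |= 0x01           # set the encrypted flag bit there for the demo
    return bytes(raw)

if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
    print(is_disguised_exe("infringing_images.pdf.exe", b"MZ\x90\x00"))
```

An encrypted entry that is itself an archive is the combination to quarantine or detonate in a sandbox, since content scanners cannot see inside it.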
How Can Heimdal Help?
In the fight against ransomware, Heimdal Security is providing its clients with an excellent integrated cybersecurity suite that includes the Ransomware Encryption Protection module. This module is completely signature-free and universally compatible with all antivirus solutions, and it ensures superior detection and remediation of any type of ransomware, whether it is fileless or file-based (including the most recent ones like LockFile).