Friday, April 19, 2024

Hackers Delivered a Lockbit Ransomware Through Fake Copyright Claim E-mail

One of the interesting tricks used by LockBit affiliates is disguising their malware as copyright claims in order to trick users into infecting their devices with ransomware.

There is a copyright violation notice sent through email to these users, apparently containing information that they are using media files without permission from the creators. 

It is because of such emails that recipients are urged to remove content that they consider infringing on their websites.

Technical Analysis

Cybersecurity researchers at South Korean security firm, AhnLab identified the emails, but they were unable to determine which files were being unfairly used in the body of the emails. 

The recipient should instead be asked to open and download the attached file in order to view the content deemed infringing. The email attachment sent by the threat actors is a ZIP archive and this ZIP archive is password protected. 

While this ZIP file contains a compressed file that contains a copy of a PDF document which is actually an NSIS installer that is disguised as a PDF document.

This is done for the purpose of evading detection from email security software, which is why there is mandatory wrapping and password protection.

An encrypted file has an extension called .lockbit and has an icon that indicates its encryption status. Furthermore, the folder with the encrypted files has a ransom note named ‘Restore-My-Files.txt’ created inside of it.

Fake Copyright Claims

It is possible for a victim to view what images are being used illegally by simply opening the document intended to be a PDF attached to the email. If they open it, the malware will be loaded and the LockBit 2.0 ransomware will be used to encrypt the device.

In any case, you need not be surprised by LockBit using copyright violations as a tactic for malware distribution. Since it is a common lure that is used nowadays in several malware distribution campaigns.

Publishers of content should seriously consider this issue of copyright claims if they want to avoid legal issues in the future. 

If the notification doesn’t give you any concrete details about the violation or you are required to open attached files in order to view details in the complaint, then it is unlikely that it is a legitimate notice.

Users may run attached files without realizing they have done it, as e-mails distributing malware types like this may contain the name of the actual illustrator, whose work they are viewing. Therefore, users should be very cautious when they are downloading such attachments.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles