In a new phishing tactic, the LockBit ransomware gang has been seen tricking its victims into opening malware-laden files through fake copyright infringement claims sent by email.
The malicious emails carry a copyright violation notice with an attached file that allegedly contains the copyright-protected material the victim used illegally. According to the email, the recipient will face legal action if they fail to remove the infringing content from their sites. However, because the email body does not mention which specific material is involved, the victim is pushed to click on the attachment and download the file.
The attached ZIP archive is password-protected to hide the malicious content from email antivirus solutions. Once unzipped, it reveals a file disguised as a PDF document, which loads the LockBit 2.0 ransomware to encrypt the compromised machine.
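As an added example (not from the original report or any vendor tool), here is a mail-gateway style check for the attachment pattern described above. Under standard ZIP encryption the central directory stays readable without the password, so the code can flag encrypted entries whose names pair a document extension with an executable one. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed heuristics (not from the article): extensions treated as executable,
# and document extensions commonly used as a decoy in double-extension names.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".js", ".vbs", ".lnk", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def triage_zip(data: bytes) -> list[dict]:
    """Inspect a ZIP attachment's central directory without decrypting it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) > 2 else ""
            reasons = []
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                reasons.append("encrypted")
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable")
                if inner in DECOY_EXTS:
                    reasons.append("document-disguise")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed sample: a harmless text payload named like a disguised PDF,
    with the encryption flag set by hand (zipfile cannot write encrypted entries)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Copyright_Evidence.pdf.exe", b"placeholder, not a real binary")
        zf.writestr("readme.txt", b"benign")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")  # first central-directory header
    raw[cd + 8] |= 0x01            # flags field sits at offset 8 in that header
    return bytes(raw)


if __name__ == "__main__":
    for f in triage_zip(build_sample()):
        print(f["name"], f["reasons"])
```

An entry that is only encrypted is still reported, so a gateway can quarantine password-protected archives whose contents it cannot scan.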
Fake copyright infringement claims have been a rampant malware distribution tactic among cybercriminal actors.
Aside from LockBit, other threat groups seen utilising the same tactic have spread other malware strains, such as the BazarLoader and Bumblebee malware loaders, against their victims.
Experts believe that cybercriminals using this tactic have effectively spread their malware to unaware victims because copyright infringement claims are taken seriously. However, people should know that if a copyright violation notice seems suspicious, for example by not showing which specific material is affected unless a file is downloaded, the email might be a dangerous scheme propagated by hackers.
Recent reports revealed that about 40% of all ransomware attacks in May 2022, out of 236 attack incidents worldwide, were attributed to the LockBit ransomware gang. There were 95 recorded victims of the ransomware group last month, while other notorious groups such as Conti, Hive, BlackBasta, and BlackCat had 65 recorded victims altogether.
According to studies based on a report from the last quarter of 2021, LockBit remains one of the top ransomware groups conducting cyberattack campaigns.