The skyline company was recently the victim of a ransomware attack by LockBit, a group that resorted to leaking compromised information to pressure its victims. Finally, it has been revealed that the data of this company have been exposed in dark web forums.
In total, 182,719 files were published, equivalent to more than 40 GB of information. The database exposed includes passport scans, forms and financial details (full credit card numbers).
LockBit is a group of ransomware that usually attacks large companies and individuals on commercial sites. A first variant of encryption malware was detected in 2019 attacking multiple users in English-speaking countries; by January 2020, cases of infection had already been detected in the United States, Australia, France and even China.
Usually, the hackers behind this variant of ransomware resort to abuse of unsafe remote desktop configurations, sending phishing emails with malicious attachments, botnets, exploiting vulnerabilities, injecting code AND fake updates or installers.
Regarding the capabilities of the ransomware once installed, LockBit can evade any access control on user accounts. Once on the victim’s computer, LockBit deletes snapshots of the files, disables Windows repair and repair functions at boot time, and clears the operating system logs.
Although ransomware is one of the most popular security threats and companies try to take more and better security measures, these attacks remain highly effective, so it is advisable to stay safe from infection.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.