If a copyright infringement email lands in your inbox, think twice before opening it: it might contain LockBit ransomware.

How do affiliates compromise systems?

To infect the machine, the malware loader is disguised as a fake copyright claim and sent to the recipient as an attached PDF.
  • The email informs the recipient that using media files without the creator's permission is a copyright violation.
  • The email threatens legal action unless the recipient removes the illegal content from their websites, and carries an attached file about the claim.
  • As soon as the attachment is accessed, the malware will load and encrypt the device with the LockBit 2.0 ransomware.
  • The attached file is actually an NSIS installer; it is a password-protected ZIP archive with a compressed file inside.
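A mail-gateway style triage of the delivery chain described above, as an added example that is not code from the original article: it flags encrypted ZIP entries and files whose ".pdf" name does not match their content. The function names and sample bytes are constructed for illustration, and the NSIS check is a heuristic that looks for the installer's first-header signature.

```python
import io
import zipfile

# NSIS first-header signature: 0xDEADBEEF (little-endian), then "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"
MAX_ENTRY = 50 * 1024 * 1024  # do not unpack entries larger than this

def classify_file(name, data):
    """Compare what a file name claims with what the leading bytes say."""
    tags = []
    if name.lower().endswith(".pdf") and not data.startswith(b"%PDF-"):
        tags.append("pdf-name-mismatch")
    if data.startswith(b"MZ"):  # DOS/PE executable header
        tags.append("pe-executable")
        if NSIS_MARKER in data:
            tags.append("nsis-installer")
    return tags

def triage(name, data, depth=0):
    """Return (path, tag) findings for an attachment, descending into ZIPs."""
    findings = [(name, tag) for tag in classify_file(name, data)]
    if depth >= 3 or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:  # bit 0: entry is encrypted
                # Content cannot be scanned without the password.
                findings.append((path, "encrypted-entry"))
            elif info.file_size <= MAX_ENTRY:
                findings += triage(path, zf.read(info), depth + 1)
    return findings

def build_samples():
    """Constructed inputs: a fake 'PDF' with an NSIS-like PE stub, zipped."""
    fake_pdf = b"MZ" + b"\x00" * 62 + NSIS_MARKER + b"\x00" * 16
    plain = io.BytesIO()
    with zipfile.ZipFile(plain, "w") as zf:
        zf.writestr("claim.pdf", fake_pdf)
    locked = io.BytesIO()
    with zipfile.ZipFile(locked, "w") as zf:
        zf.writestr("claim.zip", plain.getvalue())
        # Sample data only: set the encrypted flag in the central directory
        # to mimic a password-protected archive (nothing is really encrypted).
        zf.filelist[0].flag_bits |= 0x1
    return plain.getvalue(), locked.getvalue()

if __name__ == "__main__":
    for sample in build_samples():
        print(triage("notice.zip", sample))
```

An encrypted entry is reported without being opened, which is the case a gateway has to decide by policy because the content cannot be scanned.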

Copyright Claims and Malware - Nothing New

  • The use of copyright violation claims is not limited to LockBit ransomware affiliates. In the past, campaigns distributing BazarLoader or the Bumblebee malware loader have also carried out similar operations.
  • Downloading such files on your computer may lead to rapid and catastrophic attacks.

Final thoughts

The LockBit ransomware is growing rapidly. According to a recent analysis, LockBit 2.0 was responsible for 95 out of the 236 ransomware attacks that were reported in May 2022, or 40% of them. Together, Conti, BlackBasta, Hive, and BlackCat had 65.
Cyware Publisher