The airline introduced the breach on Thursday, and the ransomware gang began a countdown clock the subsequent working day.
The LockBit ransomware gang has seemingly struck all over again, obtaining purportedly stolen 103GB truly worth of documents from Bangkok Airways and promising to launch them tomorrow, on Tuesday.
A Dark Web intelligence business contacting itself DarkTracer (seemingly a independent intel organization than the improved-acknowledged DarkTrace) tweeted a display seize of a countdown clock from LockBit 2. that, as of Friday, showed four and a 50 % times still left. “LockBit ransomware gang has declared Bangkok Airways on the target record,” DarkTracer tweeted. “It announced that 103GB of compressed information will be introduced.”
[ALERT] LockBit ransomware gang has declared Bangkok Airways on the sufferer listing. It declared that 103GB of compressed documents will be introduced. pic.twitter.com/LT2C0Eixxn
— DarkTracer : DarkWeb Legal Intelligence (@darktracer_int) August 25, 2021
A day before, on Thursday, Bangkok Airways publicly acknowledged that it experienced been blasted with a cyberattack a week ago, on Monday, Aug. 23. It is nevertheless investigating the incident “as a make any difference of urgency,” the corporation stated in a push release, and is performing on beefing up its defenses.
“Upon such discovery, the firm instantly took action to examine and include the event, with the support of a cybersecurity group. At present, the organization is investigating, as a subject of urgency, to confirm the compromised data and the affected travellers as nicely as having pertinent actions to improve its IT method.” —Bangkok Airways push release
So considerably, it looks like affected personal details belonging to passengers include things like:
- Passenger identify
- Family name
- Phone selection
- Email deal with
- Other speak to info
- Passport information and facts
- Historical travel data
- Partial credit rating-card info
- Distinctive food info
The attackers evidently didn’t deal with to access Bangkok Airway’s operational or aeronautical security programs, the company said. The business apologized, stating that “Bangkok Airways General public Company Confined will take the security of passenger’s facts incredibly seriously and the airline is deeply sorry for the get worried and inconvenience that this destructive incident has triggered.”
The airline claimed that it has notified the suitable authorities, which includes the Royal Thai law enforcement.
LockBit 2. is very similar to its ransomware-as-a-service (RaaS) brethren DarkSide and REvil: Like people other functions. LockBit takes advantage of an affiliate design to hire out its ransomware platform, getting a cut of any ransom payments that result.
The gang went on a hiring spree in the wake of DarkSide and REvil both shutting down functions, putting up wallpaper on compromised programs that contains text inviting insiders to enable compromise devices and promising payouts of tens of millions of bucks.
Before this month, LockBit attacked Accenture, a international enterprise consulting company with an insider observe on some of the world’s most significant, most effective businesses.
At the time, Cyble researchers prompt in a Tweet stream that the Accenture attack could have been an insider task. “We know #LockBit #threatactor has been using the services of corporate staff to obtain accessibility to their targets’ networks,” they tweeted, together with a clock counting down how much time was left for Accenture to cough up the ransom.
In accordance to a report released two months ago by Development Micro, attacks in July and August have used LockBit 2. ransomware that attribute a souped-up encryption approach.
Threatpost has arrived at out to DarkTracer for a lot more facts and an update, and has arrived at out to DarkTrace to uncover out more about its close to-namesake. We also reached out to Bangkok Airways for far more particulars, including no matter whether a ransom has been demanded, irrespective of whether the company has figured out how several clients were impacted by the breach and whether it plans to offer you id-theft defense.
Watch Out for Phishing Makes an attempt
Bangkok Airways recommends that passengers make contact with their bank or credit rating-card supplier and adjust any compromised passwords ASAP. Also, it proposed that travellers retain their eyes out for suspicious or unsolicited calls and/or emails – significantly phishing tries saying to be coming from Bangkok Airways that attempt to get private information.
Bangkok Airways won’t be speaking to shoppers to inquire for payment-card information or the like, it stated. If travellers encounter these kinds of phishing makes an attempt, Bangkok Airways reported that they need to report it to regulation enforcement and to the airline, at:
- Toll-free amount 1-800-010-171 (in just Thailand) involving 8 a.m. and 5:30 p.m. (Thai nearby time)
- Toll quantity 800-8100-6688 (Overseas) during between 8 a.m. and 5:30 pm (Thai neighborhood time)
- Email: [email protected]
Verify out our free of charge impending reside and on-demand from customers webinar functions – one of a kind, dynamic discussions with cybersecurity experts and the Threatpost community.
Some elements of this post are sourced from: