Affiliates of the LockBit ransomware operation have been leveraging fake copyright violation claims as phishing lures to facilitate malware spread, BleepingComputer reports.
Copyright violation emails sent by the attackers demanded that recipients remove infringing content from their sites, but asked them to download and open an attached file to identify the content in question, a report from AhnLab revealed. The attached file is an NSIS installer disguised as a PDF; opening it loads LockBit 2.0 ransomware, which then encrypts files.
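As a defensive illustration of the lure described above, the following added example (not code from AhnLab or BleepingComputer) triages an attachment by comparing what its name claims with what its bytes are. It assumes the disguise is visible in the file name, which the report summary does not specify; the file names and sample bytes are constructed, and the NSIS marker check relies on the installer header signature 0xDEADBEEF followed by "NullsoftInst".

```python
import struct

# NSIS "firstheader" signature: 0xDEADBEEF (little-endian) then "NullsoftInst".
NSIS_MARKER = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'pdf', 'other', or 'pe[-nsis][-claims-pdf]' for an attachment."""
    claims_pdf = ".pdf" in filename.lower()  # assumption: disguise is in the name
    if not is_pe(data):
        # PDF readers accept the %PDF- header anywhere in the first 1024 bytes.
        return "pdf" if b"%PDF-" in data[:1024] else "other"
    kind = "pe-nsis" if NSIS_MARKER in data else "pe"
    return kind + ("-claims-pdf" if claims_pdf else "")


def constructed_pe(with_nsis: bool) -> bytes:
    """Build a minimal, non-functional PE-shaped byte string for testing."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew -> offset 0x40
    body = bytes(hdr) + b"PE\x00\x00" + bytes(64)
    if with_nsis:
        body += struct.pack("<I", 0) + NSIS_MARKER  # flags field + signature
    return body


if __name__ == "__main__":
    samples = {  # constructed names and contents
        "Copyright_Notice.pdf.exe": constructed_pe(with_nsis=True),
        "notice.pdf": constructed_pe(with_nsis=False),
        "setup.exe": constructed_pe(with_nsis=True),
        "report.pdf": b"%PDF-1.7\n%%EOF\n",
    }
    for name, blob in samples.items():
        print(f"{name:28} {classify_attachment(name, blob)}")
```

Any verdict ending in `-claims-pdf` is a file that presents itself as a document but is an executable, which a mail gateway or analyst can quarantine before it is opened.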
Similar lures have been used to spread the Bumblebee and BazarLoader malware loaders, according to BleepingComputer.
The new LockBit phishing lure comes after NCC Group reported LockBit 2.0's domination in ransomware attacks last month. LockBit victimized 95 organizations last month alone, compared with the 65 victims of Black Basta, BlackCat, Conti, and Hive combined.
Intel 471 researchers also noted that LockBit 2.0 was the most prolific ransomware gang in the fourth quarter of 2021.