Copyright Claims Used as Bait by LockBit 2.0 Affiliates in Korea

New Way to Cheat Ransomware Victims into Opening Infected Emails

A new type of email-bait has been invented by the affiliates of LockBit 2.0.

Specialists at AhnLab Inc, a South Korean security software company, have noticed that LockBit 2.0 affiliates began spreading their encrypting pests via emails that pretend to be copyright infringement messages. Considering the ransomware victims are usually companies, not individuals, it is not surprising that some copyright claims are often credible cases, especially if the victim is a software, let alone a game development company. It is enough for a company’s employee to see a well-known name of an illustrator, visual designer, or composer mentioned in the message. They will open the file, forgetting about any cyber threats.

These fraud cases have been spotted mainly in South Korea. The emails have a compressed file enclosed with another compressed file inside. The goal of the malefactors is to make the victim open what looks like a PDF file which is actually a malicious executable.

It is a curious psychological trick we are observing here. Instead of hiding their malware behind a luring façade, the crooks use a disguise of a different nature – an annoying message. You don’t want to open it, but you have to. It even takes courage to open a message with copyright claims, debts for utility bills, subpoenas, etc. The victims drop their guard, not expecting this message to contain anything else they should fear except that very thing that shows on the letterhead. “I could have left it for tomorrow, but I prefer to look the reality in the eye,” – the victim thinks. Thus it is easier to make a person open an attachment that overtly frightens with financial (or any other losses) than the one that promises benefits.

LockBit 2.0 is one of the most widespread species of ransomware, that has been competing only with Conti group, until the latter has seemingly been disbanded recently. If Conti has openly supported Russia in the context of Russian invasion of Ukraine, LockBit 2.0, on the contrary, denied its connection with Russian ransomware groups in any possible way. Not that it makes the gang good, but at least it makes it somewhat outstanding.
The third generation ransomware has been officially released by LockBit recently with a bug bounty program already working. Users are invited to report on found bugs in newly released software for a significant reward. Thus, the dominance of this gang will probably last.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

View all of Stephanie Adlam's posts.

Leave a comment

Your email address will not be published. Required fields are marked *