LockBit Ransomware Affiliates Trick Users With Malware Disguised As Copyright Claims

According to AhnLab researchers, LockBit ransomware affiliates are tricking users into downloading malicious documents via emails disguised as copyright claims.

The emails warned victims of copyright infringement, accusing them of using media files without the license of the author. In the email, recipients were asked to remove the infringing content from their websites or face legal action.

The recipients were asked to download and open the attached files to see the content of the infringement.

The attached document is a password-protected ZIP archive containing a compressed file. In the compressed file is an executable file disguised as a PDF document which in reality is an NSIS installer.

When the victim opens the alleged PDF document, the malware loads and encrypts the device with the LockBit 2.0 ransomware.

Copyright claims are important for publishers of content, but should be flagged if the claims are ambiguous, and ask them to open attachments to display the infringement details.

The tactic of copyright infringement while prominent is not limited to LockBit ransomware attackers alone. LockBit, however, remains the most dominant ransomware group with the most victims. According to NCC Group “Threat Pulse” report for May 2022, LockBit 2.0 accounted for 40 per cent or all (236) ransomware attacks reported in May.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web