The LockBit 2.0 ransomware gang has been on a data breach spree over the last months and looks like it’s planning more attacks soon.
The LockBit group previously attacked Accenture and stole 6 Tb of data. It demanded $50 million not to leak the company’s data. Following the attack, the threat actor claimed they had stolen sufficient data to breach some Accenture clients. This claim now seems plausible after the latest breaches at airlines.
Last week, Bangkok Airways revealed that its systems were attacked earlier this month. The ransomware attack was confirmed when LockBit posted a message on its leak site claiming to have breached the company and threatening to publish the stolen data unless the ransom was paid.
On Saturday, LockBit ransomware leaked more than 200 Gb of sensitive data belonging to the Thai airline on its leak site. The incident disproves the company’s claims that its security measures are enough to protect its customers.
The attack happened on August 23. The airline immediately launched an investigation and took steps to contain the situation.
While the attack did not affect the airline’s operational systems, the attackers could have accessed the personal data of its passengers. The attackers got access to sensitive information such as passport details, credit card details, and physical addresses. Bangkok Airways advises its customers to be on the lookout for fraudulent emails and phone calls that claim to be from the company.
Before the incident involving Thailand’s Bangkok Airways, the hackers behind the LockBit ransomware had already compromised the systems of another airline company, Ethiopian. They announced the breach on August 23 and threatened to publish the stolen data.
Both attacks took place after the Accenture breach. According to the company, the individuals behind the attacks were able to access its systems by using an insider. This matches the ransomware gang's later claim that they had stolen sufficient data to breach its clients.
The threat actor told BleepingComputer that they were able to gain access to the credentials “that would enable them to go after company customers.”
The hackers also claimed that they were able to access an airport’s systems using Accenture’s software and that they encrypted its systems.
If LockBit’s claims are true, we may soon see more victims of this ransomware gang.