Bitcoin ransomware operators release stolen data of US residents

Attackers behind the LockBit Bitcoin ransomware have released some of the data stolen from a U.S based firm called Skyline, which organizes trade shows and exhibitions, according to the “Information Leaks” Telegram channel. Media reports did not mention whether the company had paid the ransom to retrieve the data or the funds involved. 

182,719 files in total were published that were said to contain scans of passports and bank account forms of residents in the US. It is unclear whether these residents were employees or trade visitors of the company. 

LockBit operators, who demand ransom in BTC from users who want to retrieve their data, spread the virus through hacking unsecured remote desktop configurations, phishing spam with malicious attachments, botnets, exploits, malicious ads, code injection, fake updates, and infected installers. The ransomware can also bypass user account control.

Moreover, this ransomware often targets companies and business users based in the United States, but it has also affected users in Germany, France and China. Moreover, the McAfee Global Threat Intelligence GTI database shared the global spread of the LockBit virus.

Image Source: McAfee