Bangkok Airways, Thailand's largest airline and a significant regional player in Asian aviation, verified claims of a ransomware assault in which passenger data was leaked into the dark web.
The data breach was made public when the renowned LockBit ransomware gang claimed credit for it on their leak website. If Bangkok Air did not pay the ransom, the threat actors threatened to release the stolen data.
According to reports, the airline's customers were notified of the hack through email. The event was reported by Bangkok Air as a cyber-security breach involving hacker access to the company's computer systems, which resulted in the theft of passenger data.
Passengers' names, nationalities, genders, telephone numbers, email addresses, passport information, travel history, and pieces of credit card information were among the data stolen, according to the airline.
The airline, on the other hand, claimed that the ransomware assault had no impact on the company's operational or aeronautical systems.
A picture of LockBit 2.0's countdown timer was published on Twitter on August 25 by the dark web intelligence firm DarkTracer. The ransomware gang claimed to be in possession of more than 200GB of data that would be leaked if Bangkok Air failed to capitulate.
The amount of money sought by the threat actors has not yet been revealed – but previous experiences have proven that the ransomware gang is not shy about asking large sums of money, sometimes up to $50 million.
Bangkok Airways has already begun an inquiry into the incident and reported the cyber-attack to the appropriate authorities.
What is LockBit?
LockBit 2.0 works similarly to other ransomware-as-a-service threats like DarkSide and REvil. The hacker collective uses an affiliate model, in which it rents out its ransomware platform to other threat actors in exchange for a commission payment.
According to previous media reports, the ransomware organization is on par with other big players in the cyber-criminal economy. Accenture, the billion-dollar IT behemoth and world leader in business consultancy, was recently infiltrated by LockBit in an assault that reportedly involved a corporate insider.
Furthermore, LockBit attackers have previously attacked a variety of other victims in a variety of industries throughout the world.
The Merseyrail railway network in the United Kingdom, which serves 68 stations across England, is one such casualty. The cyber-gang exploited the company's email system to notify workers and media about the cyber-attack in April 2021.
It's worth noting that the Australian government recently issued a security advisory in response to an uptick in reports of LockBit 2.0 ransomware attacks in the nation. The warning comes on the heels of allegations that LockBit threat actors were ready to pay millions of dollars to recruit target business insiders, causing widespread concern.
Cyber-attacks are still skyrocketing and are more common than ever before. It is becoming clear that Cyber-security should not be taken forgranted. It is the new normal to take steps protecting yourself from external cyber-threats.