Bangkok Airways, Thailand’s top airline and a major regional player in Asian aviation, confirmed reports of a ransomware attack that resulted in passenger data being published on the dark web.
News of the cyber event surfaced after the notorious LockBit ransomware group claimed responsibility for the data breach through their leak website. The threat actors had threatened to expose the stolen data if Bangkok Air failed to meet their ransom demand.
Reportedly, the airline’s customers received official notification of the cyberattack via email. Bangkok Air described the incident as a cybersecurity attack in which hackers gained access to the company’s information systems and stole passenger information.
The carrier went on to state that the compromised data included passenger names, nationality, gender, cellphone numbers, email addresses, passport details, travel history and partial credit card information.
The airline, however, asserted that the ransomware attack did not affect the firm’s operational and aeronautical systems.
An August 25 Twitter post by the dark web intelligence company DarkTracer shared a screenshot of LockBit 2.0’s countdown timer. The ransomware gang claimed to be in possession of more than 200GB of data that would be released if Bangkok Air failed to yield.
Figure 1: Screenshot of the Twitter post by the dark web intelligence firm DarkTracer about the LockBit threat countdown
So far, the amount of money being demanded by the threat actors has not been disclosed – but past experiences have shown that the ransomware group has not been conservative about their ransom demands, sometimes demanding payments of up to $50 million.
Bangkok Airways has since launched an investigation into the matter and notified the relevant authorities about the cyberattack.
LockBit 2.0 operates like its ransomware-as-a-service counterparts such as DarkSide and REvil. The hacker group employs an affiliate model, renting out its ransomware platform to other threat actors in exchange for a commission.
Past media reports have placed the ransomware group in the league of other major actors in the cybercriminal economy. Just recently, LockBit breached Accenture, the billion-dollar IT giant and world leader in business consulting, in an attack that allegedly involved a company insider.
Additionally, LockBit attackers have previously targeted various other victims in different sectors across the world.
The UK’s Merseyrail train network, which provides train service to sixty-eight stations in England, is one such victim. The April 2021 event came to public light after the cyber gang used the company’s email system to contact employees and journalists about the cyberattack.
Notably, the Australian government had recently issued a security alert following an increase in reporting of LockBit 2.0 ransomware incidents in the country. The warning came hot on the heels of rising fears over reports that LockBit threat actors were willing to spend millions of dollars to recruit insiders at target companies.