As reported by BleepingComputer, recipients of these emails are warned that they used media files online without a license from their creator and that they must remove the content in question from their website or face legal action. According to a blog post from the antivirus company AhnLab, which first discovered the campaign, the emails themselves don’t specifically state what content was used without permission. Instead, recipients are urged to download and open an email attachment for more information.

The attachment is a password-protected ZIP file which contains an executable file disguised as a PDF. By entering the password contained in the email, unsuspecting users think they’ll find out more regarding the alleged copyright violation. However, doing so actually launches the LockBit 2.0 ransomware, which encrypts the user’s devices.
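As an added example (not from the article or AhnLab's report): standard ZIP encryption protects file contents but leaves member names and the per-file encryption flag readable, so a mail filter can triage an attachment like the one described above without the password. The extension lists, function names, sample file name and the assumption that the disguise shows up as a double extension are all illustrative.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for illustration; tune them to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
LURE_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def inspect_zip(data: bytes) -> list[dict]:
    """Describe each file member using only metadata readable without the password."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            suffixes = [s.strip().lower() for s in PurePosixPath(info.filename).suffixes]
            executable = bool(suffixes) and suffixes[-1] in EXECUTABLE_EXTS
            members.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & 0x1),  # general-purpose flag bit 0
                "executable": executable,
                # e.g. "claim.pdf.exe": a document extension placed before the real one
                "lure_name": executable and any(s in LURE_EXTS for s in suffixes[:-1]),
            })
    return members


def verdict(data: bytes) -> str:
    """block: encrypted executable; review: encrypted or executable member; else pass."""
    members = inspect_zip(data)
    if any(m["encrypted"] and m["executable"] for m in members):
        return "block"
    if any(m["encrypted"] or m["executable"] for m in members):
        return "review"
    return "pass"


def make_sample(name: str, encrypted: bool) -> bytes:
    """Constructed sample: one-member ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the central directory header (offset 8)
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    print(verdict(make_sample("Copyright_claim.pdf.exe", encrypted=True)))
```

An executable given a PDF icon but a plain `.exe` name still returns "block" when encrypted; only the `lure_name` field depends on the double extension.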
Ransomware-as-a-service model
Unlike other ransomware, LockBit uses a ransomware-as-a-service (RaaS) model in which cybercriminals pay for access to the malware to use in their own attacks. In addition to earning the malware’s creator more money, this business model also helps shield them from some legal risk as they aren’t personally infecting individuals and businesses with ransomware. The cybercriminals who purchase access to malware (likely on dark web hacking forums) to use in their attacks are known as affiliates.

At the same time, using a RaaS model helps expand the accessibility and potential reach of a particular ransomware strain. This is because many different cybercriminals are using the same ransomware to attack multiple targets, as opposed to a single group.

When it comes to the most popular RaaS providers, LockBit is right up there with REvil, Maze, Ryuk and DarkSide. It’s also worth noting that several ransomware gangs, including Maze, have begun creating their own data leak sites in an attempt to coerce victims into paying their ransom demands. If a victim doesn’t pay up, their data is released publicly and is available for other hackers to use in their attacks.
How to protect yourself from copyright violation scams
As copyright violation scams have become more prevalent in recent years, it’s worth keeping a close eye on your inbox to avoid falling victim to one yourself.

First off, you should always be hesitant when an email or message tries to instill a sense of urgency and use your emotions against you. If you’re worried about a potential lawsuit for misusing an image on your website or on social media, you’re more likely to click on malicious links or attachments. This is why you should try to keep your cool and carefully read over emails from unknown senders before replying, clicking on links or downloading attachments. Even then, though, you should likely avoid clicking on or downloading anything from someone you don’t personally know online.

When it comes to phishing emails and other scams, spelling and grammatical errors can be a major red flag. As many cybercriminals don’t live in English-speaking countries, they are more likely to make common spelling or grammatical mistakes that a native speaker wouldn’t. Likewise, you should also examine the email address as well as the URLs of any links for spelling inaccuracies, as this could be an attempt at brand impersonation.

Even if you do happen to misuse copyrighted material on social media, you’re more likely to get a copyright strike before receiving an email informing you about possible legal action. This means that you’ll get a message on the social media platform from the company itself instead of from the actual copyright holder over email.