How LockBit ransomware tricks people into infecting their devices?

LockBit ransomware associates are tricking people into infecting their own devices by impersonating malware into copyright claims. The ransomware affiliates are tricking people via sending emails that contain a copyright violation warning.

According to a source, these emails are detected by analysts at AhnLab in Korea. The analysts stated that the emails do not contain which files are the issuance of copyright violations rather they tell the recipients to open and download an attached file. The attached file is usually a password-protected compressed ZIP file that seems like a harmless PDF document. However, the file is actually an NSIS installer and the attackers have used this method to evade detection by email security tool. NSIS installer is a Nullsoft Scriptable Install System for producing a framework designed to create software installers. Once the recipient opens the file they install malware unintentionally into their device. The malware then loads and encrypts the device with the LockBit 2.0 malware.

According to NCC Group’s Threat Pulse report provided by the strategic threat intelligence team, LockBit 2.0 ransomware has a record number of victims in May 2022. Intel 471 has put malware at the top of the most virulent ransomware with widespread threats.

Warning- Do not open any emails from an unknown source.