Quote:After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site.
BleepingComputer posted an image (shown below) of LockBit’s “Encrypted Files Are Published” post, dated Saturday, Aug. 28, 19:37:00. That’s three days earlier than its original countdown clock: In that post, the ransomware-as-a-service (RaaS) gang promised that encrypted files would be published yesterday (Tuesday) if the airline didn’t pay the ransom. The sum of the demanded extortion hasn’t been reported.
Saturday’s LockBit post reads:
Quote:“Bangkok Airways. We Have More Files (Extra +200GB) To Show And Many More Things To Say … They said : We protect our customers privacy” But with P@ssw0rd for all system and domain admins Extra :”The post included a series of redacted links.
The news outlet, which has been talking with the gang, reported that before LockBit went after Bangkok Airways on Aug. 23, the group also published encrypted files from another airline: Ethiopian Airlines.
The threat actor told the publication that the Accenture breach from earlier this month yielded the credentials used in both of the airline attacks. LockBit also claimed to have encrypted the systems of an unnamed airport using Accenture software.
UPDATE: After this article was published, Accenture reached out to Threatpost to deny LockBit’s claims. Its statement: “We have completed a thorough forensic review of documents on the attacked Accenture systems. This claim is false. As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers.”
Read more: LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
