As reported by BleepingComputer (opens in new tab), recipients of these emails are warned that they used media files online without a license from their creator and that they must remove the content in question from their website or face legal action.
According to a blog post (opens in new tab) from the antivirus company AhnLab which first discovered the campaign, the emails themselves don’t specifically state what content was used without permission. Instead, recipients are urged to download and open an email attachment for more information.
The attachment is a password-protected ZIP file which contains an executable file disguised as a PDF. By entering the password contained in the email, unsuspecting users think they’ll find out more regarding the alleged copyright violation. However, doing so actually loads and encrypts a user’s devices with the LockBit 2.0 ransomware.
Unlike with other ransomware, LockBit uses a ransomware-as-a-service (RaaS) model in which cybercriminals pay for access to the malware to use in their own attacks.
In addition to earning a malware’s creator more, this business model also helps shield them from some legal risk as they aren’t personally infecting individuals and businesses with ransomware. The cybercriminals who…