[BreachExchange] LockBit ransomware gang claims PayBito crypto exchange as new victim

Mon Feb 7 11:22:16 EST 2022

https://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/

LockBit ransomware operators claim that they stole the PayBito database
that contains 100,000 customers’ information including email addresses and
“weak” password hashes.

The infamous LockBit ransomware gang is claiming to have hacked PayBito, a
global cryptocurrency exchange, and stolen its data including a database
with 100,000 customers’ information.

The group claimed the attack on Thursday, February 3rd on its official
website on the so-called dark web accessible through the Tor browser. In
its post, the operators of LockBit ransomware stated the stolen database
contains personal information of customers in the United States and other
countries worldwide.

It further claimed that the stolen records have email addresses and a “weak
hash algorithm” referring to a password algorithm that can be easily
decrypted into cleartext format. Additionally, the alleged data includes
the personal data of the exchange’s administrators.

It is worth noting that the PayBito exchange offers buying, selling, and
trading of Bitcoin, Ether, Bitcoin Cash, Litecoin, and several other
cryptocurrencies. The exchange is managed by HashCash, a Palo Alto,
California-based global blockchain and IT services company.

Threat intelligence feeds like Dark Tracer and Dark Feed have also tweeted
(1 & 2) about the alleged ransomware attack on PayBito. Nevertheless, the
bad news is that LockBit plans to publish the alleged stolen records on
February 21st, 2022 if their demand for ransom is not met.

History of LockBit ransomware gang
Like other ransomware gangs, LockBit’s modus operandi involves blocking
victims’ access to computer systems in exchange for a ransom payment.
LockBit, which itself is a malicious software, automatically vets for
valuable targets, spreads the infection, and encrypts all accessible
computer systems on a network.

The Lockbit ransomware gang emerged on the threat spectrum back in
September 2019 and made waves in June 2021 after launching LockBit 2.0 and
recruiting new partners. The gang claims to offer the “fastest data
exfiltration on the market through StealBit,” noted Emsisoft in the gang’s
profile.

StealBit is a data stealer that can download 100 GB of data from an
infected system within 20 minutes. Some of the gang’s previous victims
include Bangkok Airways, Accenture, Businesses in Europe, and French
Ministry of Justice, etc.

As for the alleged ransomware attack on PayBito, at the time of publishing
this article, the exchange or HashCash had not released any statement to
address the issue. However, Hackread.com has contacted the company and this
article will be updated based on their confirmation or denial.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220207/6044709b/attachment.html>