Bangkok Airways hit by LockBit ransomware cyber attack

Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data, including partial credit card numbers and even passenger meal preferences

The company’s announcement about the matter came last Thursday, a day after LockBit posted a message on its dark web portal threatening the airline to pay a ransom or suffer a data leak.

Refusal to pay led to data dump

The airline was given five days to sort out payment, but instead of paying, it chose to disclose the breach. LockBit responded by publishing all the breach’s information. Competing claims about the resulting data loss rate it at 103GB and more than 200GB.

The data mostly contained business-related documents, but there was some passenger personal data in the mix. The personal data may have included names, nationalities, sex, phone number, email, address, passport information, travel history, partial credit card numbers and even passenger meal preferences.

The Thai regional carrier said however that no operational or aeronautical security systems were impacted.

The airline said it is investigating the incident and has informed law enforcement agencies and customers. Customers were again advised to beware of scammers, especially anyone posing as Bangkok Airways asking for information like credit card details.

A Bangkok Airways statement stated: "For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible.”

LockBit’s aims and successes

LockBit mostly targets organisations like enterprises and governments that will be disrupted enough by ransomware so that paying up is the best option to resolve the matter.

Earlier this month the same group hit outsourcing and accounting firm, Accenture. Rumors swirled that the cybercriminals had demanded $50 million in cryptocurrency from the consulting MNC. The deadline was continually moved forward until Accenture concluded that the stolen data was not significant.

Another LockBit target was UK train operator Merseyrail, which fell victim in April. Its trains continued to run on time, but the criminals reportedly got into a company director's Office 365 account and used it to email employees and journalists about their achievement.