LockBit Ransomware Gang Hits Air Albania, Puts Payment Deadline as Feb 14

Air Albania, the flag carrier airline of Albania, was listed as a target by the LockBit ransomware group. The threat note was posted on the leak site on 30 January. The deadline for ransom payment is 14 February.

The company’s name appeared among other victims, including US regional broadcaster PBS KVIE, and CPL Industries. The carrier’s website was accessible at the time of publishing the report. The company is yet to respond to the requests for comment from The Cyber Express.

Air Albania, the latest in the chain 

Albania has been facing cyber-attacks in recent months, for which its government blamed Iran-sponsored threat actors. 

The relationship between the two nations has been tense for years and has only worsened after reports of Albania providing refuge to members of the opposition group, People’s Mujahedeen of Iran (MEK), surfaced. 

In September 2022, the computer systems of the airlines including that of other vital transport hubs of the country such as seaports, airports, and border crossings, were shut down to “neutralize the act and secure systems” after Albania suffered repeated cyber attacks. 

The interior ministry pointed the finger at Iran, which was also blamed for previous cyber intrusions on the country’s systems.  

“The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in July attacked the country’s public and government service systems,” the ministry said in a statement. 

Albania cut diplomatic ties with Iran after accusing it of being behind the attempted cyber attack in July 2022 aimed at disrupting public services, accessing data, and infiltrating government communications systems.  

Air Albania, aviation, and ransomware attack 

Air Albania is a joint venture by the Albanian and Turkish governments, founded in 2018 as a public–private partnership.  

Founding partner Turkish Airlines owns 49.12% shares of the carrier. The remaining 50.88% is split between Albanian government body Albcontrol (10%) and privately held Albanian company MDN Investment (41%). 

LockBit ransomware gang has been targeting aviation sector frequently. It attacked Bangkok Airways, a major airline company in Thailand, in September 2021, Israeli aerospace and defense firm E.M.I.T Aviation Consulting in October 2021, and Kuwait Airlines in June 2022. 

PBS station KVIE, AirAlbania, CPL Industries, UK, 8×8…

LockBit posts 7 new victims so far.#LockBit #cybersecurity #infosec https://t.co/FAHrrHLayl pic.twitter.com/GsFGy3qGmS

— Dominic Alvieri (@AlvieriD) January 30, 2023

The hacker group is known to target various organizations, including those in the healthcare, financial, and technology sectors.  

LockBit Ransomware: Rise to prominence 

Conti and LockBit were the most prolific ransomware gangs globally in 2022, claiming 22.2% and 11.5% of the total recorded attacks, respectively. With the disintegration of Conti, LockBit has more or less taken the top slot. 

LockBit ransomware news encrypts the primary access to the system and steals sensitive information from directories and networks. It is highly infectious, rendering a user’s access to system files and documents useless. 

Victims are typically forced to pay a ransom in exchange for the decryption of their data. In some cases, the threat actors demand large sums of money and threaten to release or delete confidential files. 

Previously, LockBit operated under a centralized hierarchy, but the leak of the ransomware gang caused other threat actors to jump on the LockBit builder and create their own version of the malware. This could be disastrous for enterprises, leading to a surge in LockBit-based cyber attacks as every threat actor will have access to its source code. 

With the advanced features of the leaked LockBit 3.0 builder, multiple organizations could be targeted by new campaigns launched by different threat actors using modifiable malware versions.