BANGKOK, 7 September 2021: Specialised security media outlets ThreadPost and Bleeping Computer alleged Bangkok Airways was hacked by the LockBit 2.0 ransomware gang that claimed to have conducted cyberattacks against two airlines during the last week of August.

ThreatPost news channel said the “ransomware gang pulled off successful attacks against Bangkok Airways and may have also attacked Ethiopian Airlines and even an undisclosed international airport.

Bangkok Airways reported the cyberattack to authorities last
week and also warned passengers to secure their account information.

The attack was reportedly carried out by threat actor
LockBit, according to Bleeping Computer, which said the ransomware gang posted
a message on its leak site claiming responsibility for the breach.

ThreatPost commenting on the report from Bleeping Computer said: “the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site, “three days before the ransomware deadline date for the payment of the demanded ransom.”

According to ThreatPost, Bangkok Airways confirmed the
breach last Thursday, and LockBit 2.0 started a countdown clock the next day.
In its initial post, the gang claimed to have stolen 103GB worth of compressed
files that it threatened to release.

Bangkok Airways is now beefing up security and but has
advised passengers that the leak may have comprised the security of personal
data. Passengers need to be aware that the following records could have been
disclosed:

  • Passenger name
  • Family name
  • Nationality
  • Gender
  • Phone number
  • Email address
  • Other contact information
  • Passport information
  • Historical travel information
  • Partial credit-card information
  • Special meal information

The attackers failed to access Bangkok Airway’s operational or aeronautical security systems, the company said in its public disclosure.

In a related report, Channel Asia noted that the attack was at” least the third such major incident weathered by an airline operator in the Southeast Asia region this year.”

In March, Malaysia Airlines informed its Enrich frequent
flyer members of a “data security incident” via a third-party IT service
provider, insisting the breach avoided the national carrier’s core IT
infrastructure and systems.

Just days later, Singapore Airlines warned its own frequent
flyer members of a third-party breach affecting up to 580,000 people.

(Source: ThreatPost, Lisa Vaas 1 September 2021)
For the full report visit: https://threatpost.com/lockbit-publishes-bangkok-air-files/169101/