Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay

Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data.

Bangkok Airways’ announcement about the matter came last Thursday, a day after LockBit posted a message on its dark web portal threatening the airline with a data leak unless it paid a ransom.

The airline was given five days to sort payment, but instead of coughing up it disclosed the breach. LockBit responded by publishing the lot. Competing claims put the size of the resulting data dump at 103GB and at over 200GB.

The data mostly contained business-related documents, but there was some passenger personal data in the mix. The personal data may have included names, nationalities, gender, phone number, email, address, passport information, travel history, partial credit card numbers and even meal preferences.

The Thai regional carrier said no operational or aeronautical security systems were impacted.

The airline said it is investigating the incident and has informed law enforcement agencies and customers. The latter group was advised to beware of scammers – especially anyone posing as Bangkok Airways asking for information like credit card details.

“For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible,” reads the company’s canned statement.

LockBit mostly targets organizations like enterprises and governments that will be disrupted enough by ransomware that paying up is the easy way out.

Earlier this month the gang hit outsourcing and accounting firm Accenture. Rumors swirled that the cybercrims demanded $50 million in cryptocurrency from the consulting MNC. The deadline was continually moved forward until Accenture concluded the stolen data was not significant.

Another LockBit target was UK train operator Merseyrail, which fell victim in April 2021. Trains continued to run on time, but the criminals got bragging rights after reportedly pwning a company director’s Office 365 account and using it to email employees and journalists about their achievement. ®