LockBit Ransomware Hits PayBito Cryptocurrency Platform in Major Breach
Incident Date:
September 19, 2024
Overview
Title
LockBit Ransomware Hits PayBito Cryptocurrency Platform in Major Breach
Victim
PayBito
Attacker
Lockbit3
Location
First Reported
September 19, 2024
LockBit Ransomware Group Targets PayBito in Major Cyber Attack
The ransomware group LockBit has claimed responsibility for a significant cyber attack on PayBito, a prominent cryptocurrency platform based in Singapore. The breach, disclosed on the LockBit3 leak page, involves sensitive internal data and has raised serious security and privacy concerns for the company and its users.
About PayBito
PayBito is a comprehensive online platform that facilitates the launch and operation of various cryptocurrency-related businesses. Specializing in white-label solutions for cryptocurrency exchanges, brokerage services, payment gateways, and tokenization, PayBito enables entrepreneurs and established businesses to enter the crypto market with minimal technical barriers. The company operates under the umbrella of HashCash Consultants and has a significant presence in the blockchain technology space.
PayBito's primary product, PayBitoPro, allows users to set up their own cryptocurrency exchanges or brokerage services quickly. The platform supports a wide range of payment methods, trading options, and educational resources, making it a versatile solution for both new entrants and established businesses in the cryptocurrency sector. With operations in over 26 countries, PayBito is a key player in the global cryptocurrency market.
Details of the Attack
The ransomware attack on PayBito was discovered on September 19, following its publication on the LockBit3 leak page a day earlier. The breach involves sensitive internal data that could potentially impact approximately 172 users. The attack has exposed vulnerabilities in PayBito's systems, highlighting the risks associated with operating in the highly targeted cryptocurrency sector.
About LockBit
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware and double extortion tactics, LockBit encrypts victims' files using RSA-2048 and AES-256 encryption algorithms and threatens to release exfiltrated data publicly if the ransom is not paid. The group has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023.
LockBit exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs checks to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper.
Potential Vulnerabilities
PayBito's extensive use of APIs and its role in facilitating cryptocurrency transactions make it an attractive target for ransomware groups like LockBit. The company's rapid expansion and increasing client base may have also contributed to potential security gaps. The attack underscores the importance of stringent cybersecurity measures, particularly for companies operating in the high-risk cryptocurrency sector.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.