back to article Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay

Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data. Bangkok Airways' announcement about the matter came last Thursday, a day after LockBit posted a message on its dark web portal threatening the airline to pay a ransom or …

  1. Potemkine! Silver badge

    loses lotsa data after refusing to pay

    Nope, the data were lost before refusing to pay.

    Bangkok Airways was right not to pay. Even if it did, it could expect having the data sold to other miscreants anyway.

    1. Anonymous Coward
      Anonymous Coward

      Agree. Bangkok Airways was right on two counts: not giving in to the hackers and proactively informing about the hack.

  2. jgarbo
    Devil

    Don't mess with Dr Prasert

    They don't know who they're dealing with. Bangkok Airways owner (also owner of Samui airport), Dr Prasert is a tough cookie. He'd never pay, and more, he'd go after the hackers. I hope they're not Thai or they'll be sleeping with the fishes.

    1. RegGuy1 Silver badge

      Re: Don't mess with Dr Prasert

      I worry about this. So I back up my data every week and scp it to a remote disk.

      If I am ever hit with this I will only lose one week's data, which while painful isn't too bad. I never miss a backup, because my data is important to me. Also, for my bank account login details I never save them on my laptop, so if they do get my data they still won't be able to log in to my accounts.

      Finally, I lock my other logins with a master password on Firefox. I'm not sure how safe that is but at least it is one more hurdle for them to overcome.

      1. A random security guy

        Re: Don't mess with Dr Prasert

        And hackers look for precisely this behavior. A backup is worthless if it is not "tested". It is only if you can recreate the information you backed up can you trust that the hacker hasn't tampered with something in your backup process.

        It could something simple, like modifying your scp to encrypt using a public key before storing the file on the other side. Or it could be just storing 0's.

        That is something simple. Hackers are a lot more creative.

        1. Tom 7 Silver badge

          Re: Don't mess with Dr Prasert

          The ones the hackers see on my system are actually 256 bit encrypted /dev/zero files.

    2. Mahhn

      Re: Don't mess with Dr Prasert

      I hope he doesn't worry about nationality, and just feeds the fish.

      1. A.P. Veening Silver badge

        Re: Don't mess with Dr Prasert

        I hope he doesn't worry about nationality, and just feeds the fish.

        That might be a little difficult if the culprits aren't in Thailand.

  3. Andy The Hat Silver badge
    Coat

    is this fake news?

    What is ringing bells is the paragraph about UK rail operators and the contention that "Trains continued to run on time ..."

    Doesn't seem right to me ...

    1. IGotOut Silver badge

      Re: is this fake news?

      Maybe they STARTED to run on time and that's how they discovered the hack.

    2. katrinab Silver badge
      Meh

      Re: is this fake news?

      Merseyrail has a pretty decent track record for running trains on time, at least compare to other train operators. On the most recently published stats, they came 3rd after C2C and TfL Rail.

      Generally, train operators that are managed by local or regional government, such as Merseyrail, do better than those managed by central government.

      1. herman Silver badge

        Re: is this fake news?

        Merseyrail may be on time, but staying on the rails is another matter: https://www.bbc.com/news/uk-england-merseyside-56393532

  4. druck Silver badge

    The lot?

    The airline was given five days to sort payment, but instead of coughing up it disclosed the breach. LockBit responded by publishing the lot. Competing claims about the resulting data dump rate it at 103GB and over 200GB.

    I'm pretty sure it wasn't the lot or the victim would refuse to pay and just get back all their stolen data from the whichever shady corner of internet its ended up at (hoping it wasn't tampered with).

    1. Anonymous Coward
      Anonymous Coward

      Re: The lot?

      It's possible the ransom wasn't to get the data back, but to prevent it from being published. Regardless, refusing to pay the ransom and publicly declaring details about the incident were the Right Thing to do.

      If only there was a way to slip something destructive into a cryptocurrency payment. "Here's an installment on the payment... oh, looks like your systems just leaked their location. And your Bitcoin account password..."

  5. Tom 7 Silver badge

    Meal preferences?

    How do they know what I bring on board so I dont have to eat the shit they provide?

    1. A.P. Veening Silver badge

      Re: Meal preferences?

      How do they know what I bring on board so I dont have to eat the shit they provide?

      That would make you a statistical anomaly, not really important.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like