New Ransomware MountLocker Uses Extortion and Data Exfiltration
Security researchers have identified a new piece of ransomware named MountLocker specializing in infection and data exfiltration, following the trend set in 2020 by similar threats.
MountLocker is distributed on a Ransomware-as-a-Service (RaaS) model, which means its makers don’t use it themselves to attack organizations. In 2020, the ransomware threat has evolved into a new beast, moving from just encrypting systems to more complex procedures that involve stealing data and blackmail.
Another infamous example of similar ransomware is Maze, a group that claims to have shut down the service. Some of their more famous targets include SpaceX and Cognizant. It’s difficult to tell if the Maze operators actually stopped, or are rebranding under a different name.
On the other hand, the MountLocker ransomware is newer, and is still under development. It received a significant update in November as the operators try to evade cybersecurity tools. The ransomware encrypts the victims’ files using ChaCha20, and the file encryption keys are encrypted using RSA-2048.
“The ransomware appears to be somewhat secure; there are no trivial weaknesses allowing for easy key recovery and decryption of data,” say the security researchers from the BlackBerry Incident Response Team. “MountLocker does however, use a cryptographically insecure method for key generation that may be prone to attack.”
Like Maze, the MountLocker ransomware uses the FTP protocol to steal data, allowing attackers to blackmail their victims, in addition to demanding payment for the decryption key. The blackmail is a direct response to the use of backup tools and cyber insurance.
“Since its inception, the MountLocker group have been seen to both expand and improve their services and malware,” the researchers also said.
Even if their tools are not as advanced as some older ransomware groups, this is not likely the last time we hear about MountLocker, as the group seems to be adapting and warming up for aggressive campaigns.