
New Ransomware MountLocker Uses Extortion and Data Exfiltration

Silviu STAHIE

December 15, 2020

Security researchers have identified a new piece of ransomware named MountLocker specializing in infection and data exfiltration, following the trend set in 2020 by similar threats.

MountLocker is distributed on a Ransomware-as-a-Service (RaaS) model, which means its makers don't use it themselves to attack organizations. In 2020, the ransomware threat has evolved into a new beast, moving from just encrypting systems to more complex procedures that involve stealing data and blackmail.

Another infamous example of similar ransomware is Maze, a group that claims to have shut down the service. Some of their more famous targets include SpaceX and Cognizant. It’s difficult to tell if the Maze operators actually stopped, or are rebranding under a different name.

On the other hand, the MountLocker ransomware is newer, and is still under development. It received a significant update in November as the operators try to evade cybersecurity tools. The ransomware encrypts the victims’ files using ChaCha20, and the file encryption keys are encrypted using RSA-2048.

“The ransomware appears to be somewhat secure; there are no trivial weaknesses allowing for easy key recovery and decryption of data,” say the security researchers from the BlackBerry Incident Response Team. “MountLocker does, however, use a cryptographically insecure method for key generation that may be prone to attack.”

Like Maze, the MountLocker ransomware uses the FTP protocol to steal data, allowing attackers to blackmail their victims, in addition to demanding payment for the decryption key. The blackmail is a direct response to the use of backup tools and cyber insurance.

“Since its inception, the MountLocker group have been seen to both expand and improve their services and malware,” the researchers also said.

Even if their tools are not as advanced as some older ransomware groups, this is not likely the last time we hear about MountLocker, as the group seems to be adapting and warming up for aggressive campaigns.
