Since the discovery of Mountlocker Ransomware at the end of July 2020, it took its pace very well and has been growing in essence, and has become very prominent & geographically versatile. Recently, BlackBerry researchers published a technical analysis of a new MountLocker variant.
The latest MountLocker version first surfaced in the wild in late-November, with a compilation timestamp from early-November.
- It has been found that the new MountLocker ransomware is comparatively smaller in size than the previous versions, aiming to vanish the vast list of file extensions. It shares approximately 70% similarity with the parent MountLocker and no apparent changes.
- Although the MountLocker operators have been relying on affiliates for an initial intrusion into corporate networks. Ransomware-as-a-Service(RAAS) and collaborating firms will be deploying the ransomware widespread, looking forward to this as multimillion-dollar payments for decryption services.
- For sneaking 7 stealing the data prior to encryption the affiliates of MountLocker were observed using public tools such as CobaltStrike Beacon & AdFind in these attacks for reconnaissance and lateral movement on the network.
- In mid of November, the same version had added file extentions such as .tax, .tax2009, .tax2013, .tax2014, following with TurboTax software for preparing tax return documents.
- Following their work and continuing the same the group also targeted Sonoma Valley Hospital & stole & leaked its data online that though in the same month i.e. November
- Prior to these works, they targeted Sweden’s security firm Gunnebo AB in October.
Concluding with the statement, The MountLocker group is trying to expand its scope and enhancing their capabilities which I felt they’ve almost accomplished in their aim that though in a very short span of time. Ransomware has been able to target its victims worldwide that though, with improved capabilities & affiliation, it is likely to become a prominent threat for global organizations.
Post comments (0)