ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims

2020-05-18 19:31

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection.

A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims' networks.

ProLock ransomware first emerged in March as a successor to another recent malware strain, PwndLocker, and has made its mark targeting financial, healthcare, government and retail organizations.

ProLock relies uses unprotected Remote Desktop Protocol servers with weak credentials to infect some victims, a fairly common technique for ransomware operators.

QakBot brings a slew of new capabilities that elevates ProLock's ransomware attack vector: It not only has keylogging capabilities, but is also able to run additional scripts like Invoke-Mimikatz - allowing the attacker to employ credential dumping by pulling multiple passwords from the machine.

News URL

https://threatpost.com/prolock-ransomware-qakbot-trojan/155828/

#ransomware #teams #trojan