MountLocker ransomware gets slimmer, now encrypts fewer files
MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files.
In a technical analysis published today, the BlackBerry Research and Intelligence Team notes that the new MountLocker variant comes with a compilation timestamp from November 6.
MountLocker encrypts files on infected computers using the ChaCha20 stream cipher, and the session key is then encrypted with a 2048-bit RSA public key embedded in its code.
Like other ransomware operations, MountLocker developers rely on affiliates for breaching corporate networks.
After obtaining the ransomware, the intruder took about 24 hours to run reconnaissance, steal files, move laterally, and deploy MountLocker.