
Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers
2020-12-17 02:23

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software, as well as the ability for its affiliates to launch double extortion attacks.

The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing files before encryption and demanding ransom amounts in the millions to prevent public disclosure of stolen data, a tactic known as double extortion.

To date, the ransomware has claimed five victims, although the researchers suspect the number could be "far greater."

Now according to BlackBerry's analysis, threat actors behind MountLocker-related affiliate campaigns leveraged remote desktop with compromised credentials to gain an initial foothold on a victim's environment - something that was observed in Gunnebo's hack as well - and subsequently install tools to carry out network reconnaissance, deploy the ransomware and laterally spread across the network, and exfiltrate critical data via FTP. The ransomware in itself is lightweight and efficient.

The researchers point out that the ransomware uses a cryptographically insecure method, the GetTickCount API, for key generation, which may leave it susceptible to a brute-force attack.
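An added illustration, not taken from the article or from BlackBerry's analysis, of why a key derived from GetTickCount is weak: the value is a 32-bit millisecond uptime counter, so a responder who can estimate the uptime at encryption time and knows a file header faces only a small candidate set. The key derivation, the toy cipher and all function names and sample values here are assumptions, since the article does not describe MountLocker's actual routine.

```python
import hashlib
import math

TICK_MODULUS = 2**32  # GetTickCount returns a 32-bit millisecond uptime counter

def derive_key(tick: int) -> bytes:
    """Hypothetical derivation: key = SHA-256(tick as 4 little-endian bytes).
    An assumption for illustration, not MountLocker's actual routine."""
    return hashlib.sha256((tick % TICK_MODULUS).to_bytes(4, "little")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for the real cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "little")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def effective_bits(window_ms: int) -> float:
    """Entropy of the key when the tick is only known to lie within window_ms."""
    return math.log2(min(window_ms, TICK_MODULUS))

def recover_tick(ciphertext: bytes, known_prefix: bytes, centre: int, window_ms: int):
    """Search ticks in [centre - window_ms, centre + window_ms] for the one whose
    key decrypts the ciphertext to the known file header. Returns tick or None."""
    n = len(known_prefix)
    for tick in range(centre - window_ms, centre + window_ms + 1):
        t = tick % TICK_MODULUS
        if keystream_xor(derive_key(t), ciphertext[:n]) == known_prefix:
            return t
    return None

# Constructed sample: a PDF header encrypted with a key from an uptime of about 3 h.
SAMPLE_TICK = 10_800_123
SAMPLE_PLAINTEXT = b"%PDF-1.7\n% constructed sample document\n"
SAMPLE_CIPHERTEXT = keystream_xor(derive_key(SAMPLE_TICK), SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    # Responder estimates uptime at encryption as 3 h, give or take 5 seconds.
    found = recover_tick(SAMPLE_CIPHERTEXT, b"%PDF-", 10_800_000, 5_000)
    print("recovered tick:", found)
    print("bits for a 10 s window: %.1f" % effective_bits(10_000))
    print("bits for the full counter: %.1f" % effective_bits(TICK_MODULUS))
```

Even with no timing estimate at all, the full counter gives at most 32 bits of key entropy, far below the 128 bits or more expected of a symmetric key.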


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/hcEDQk_f12A/mount-locker-ransomware-offering-double.html