Security News > 2021 > April > Mount Locker Ransomware Aggressively Changes Up Tactics

The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers.

According to researchers, Mount Locker has been a swiftly moving threat.

Like many ransomware gangs, the operators not only lock up files, but also steal data and threaten to leak it if the ransom isn't paid, in a double-extortion gambit.

In terms of technical approach, Mount Locker uses off-the-shelf, legitimate tools to move laterally, steal files and deploy encryption, GuidePoint noted.

The changes have been accompanied by an uptick in Mount Locker attacks, especially those taking aim at companies in the biological tech industry.

Organizations can look for signs of Mount Locker or AstroLocker within their environments, such as CobaltStrike stagers and beacons; and, they should monitor for the staging and exfiltration of files via FTP. "While these would always be cause for alarman updated, more aggressive Mount Locker and the dramatic increase in attacks attributable to the group make these indicators of compromise particularly alarming," Schmitt concluded.

News URL

https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/