For HomeFor BusinessFor Partners
Industry News
1 min read

New Ransomware MountLocker Uses Extortion and Data Exfiltration

Silviu STAHIE

December 15, 2020

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New Ransomware MountLocker Uses Extortion and Data Exfiltration

Security researchers have identified a new piece of ransomware named MountLocker specializing in infection and data exfiltration, following the trend set in 2020 by similar threats.

MountLocker is distributed on a ransomware-as-a-Service (RaaS) model, which means its makers don”t use it themselves to attack organizations. In 2020, the ransomware threat has evolved into a new beast, moving from just encrypting systems to more complex procedures that involve stealing data and blackmail.

Another infamous example of similar ransomware is Maze, a group that claims to have shut down the service. Some of their more famous targets include SpaceX and Cognizant. It’s difficult to tell if the Maze operators actually stopped, or are rebranding under a different name.

On the other hand, the MountLocker ransomware is newer, and is still under development. It received a significant update in November as the operators try to evade cybersecurity tools. The ransomware encrypts the victims’ files using ChaCha20, and the file encryption keys are encrypted using RSA-2048.

“The ransomware appears to be somewhat secure; there are no trivial weaknesses allowing for easy key recovery and decryption of data,” says the security researchers from BlackBerry Incident Response Team. “MountLocker does however, use a cryptographically insecure method for key generation that may be prone to attack.”

Like Maze, the MountLocker ransomware uses the FTP protocol to steal data, allowing attackers to blackmail their victims, in addition to demanding payment for the decryption key. The blackmail is a direct response to the use of backup tools and cyber insurance.

“Since its inception, the MountLocker group have been seen to both expand and improve their services and malware,” the researchers also said.

Even if their tools are not as advanced as some older ransomware groups, this is not likely the last time we hear about MountLocker, as the group seems to be adapting and warming up for aggressive campaigns.

tags

Industry News

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read
3 in 5 travel-themed spam emails are scams, Bitdefender Antispam Lab warns
Industry News Spam

3 in 5 travel-themed spam emails are scams, Bitdefender Antispam Lab warns

August 10, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Scammers Are Tempting Telecom Employees with $300 Bribe Offers for SIM Swapping Help
Industry News

Scammers Are Tempting Telecom Employees with $300 Bribe Offers for SIM Swapping Help
Filip TRUȚĂ

April 17, 2024

2 min read
Top Reasons Why Consumers Shun Mobile Security Apps
Industry News

Top Reasons Why Consumers Shun Mobile Security Apps
Filip TRUȚĂ

April 16, 2024

2 min read
Telegram Patches Zero-Day Python Script Vulnerability in Windows Client
Industry News

Telegram Patches Zero-Day Python Script Vulnerability in Windows Client
Vlad CONSTANTINESCU

April 16, 2024

2 min read

Bookmarks

loader