MountLocker: A Growing Threat!

The use of ransomware is on the rise and it has become a very successful criminal business model that many copycats are applying.

14:07 16 December 2020

Ransomware is spread through phishing emails that contain malicious attachments, and when the device is infected, victims find themselves locked out of their network with their data encrypted, and asked for a certain ransom in exchange of decryption.

 

If we take a look at previous ransomware attacks, we can see that its not just staying still. In fact, this family of malware is advancing and could become a major threat going forward.

 

Lately, cybersecurity researchers at Blackberry have been analyzing the growing ransomware MountLocker, which they state that it’s just warming up. What is MountLocker? How dangerous can it be in the near future? Here’s everything you need to know.

 

Ransomware in general gets upgraded regularly to surpass any defense mechanisms used to shield a target’s device from it.

 

In MountLocker’s case, we have to speak of the ransomware as a business itself. It doesn’t only rely on phishing links to deploy itself, there’s more to it.

 

It uses affiliate schemes in order to find and target its victims. For example, the attackers behind the malicious software negotiate with hackers who already have their certain network compromised.

 

With the right price, they ask them to deploy their ransomware, resulting in an easy and sufficient spread across several devices. That way, MountLocker attackers and the hackers they collaborate with make easy money.

 

According to Tom Bonner, 

 

Affiliates are often separate organised crime groups, who go looking for easy - and not so easy - entry into networks."

 

MountLocker was first encountered in July 2020, and in November, it got a major upgrade. Here’s what Blackberry researchers found:

 

• The malware can now target a broader range of file types and can evade security software.
  
  
• It uses RSA-2048 file encryption keyes and the encryption itself is ChaCha20.
  
  
• It’s advanced enough to have no trivial weaknesses that allow easy key recovery or data decryption. 
  
  
• Uses CobaltStrike Beacon to deploy MountLocker ransomware.
  
  
• It infiltrates sensitive client data using FTP before applying the encryption.

 

Just like any other ransomware, MountLocker asks for hefty payments to recover and prevent the public disclosure of stolen data, mostly in Bitcoin.

 

Again, according to Blackberry, the ransomware’s operators host a dark web where they announce their recent targets and provide visitors with links to leaked data. 

 

As of now, the website only lists a couple of victims, but Blackberry believes that the actual number far surpasses that of what the website states.

 

Final Words

 

As mentioned, ransomware, or cybercrime in general, are on the rise. You never know when you’re going to become the target of criminals who are after your private information and money.

 

The best way to avoid such predicaments is to educate yourself on how to enhance your online privacy and security. To do so, you have to follow guides and read all about the threats you might face using websites such as Anonymania and the likes. 

 

As a result, you’ll prepare yourself against anything that might target your device and have a better chance of fending off any attack.