A new ransomware strain called “Mount Locker” is demanding that victims pay multi-million dollar ransoms to recover their data.
According to Bleeping Computer, the ransomware first began making the rounds in July 2020.
The malicious actors responsible for this threat took a cue from other crypto-malware gangs by stealing victims’ unencrypted data and threatening to publish the information unless they received payment.
In the case of Mount Locker, ransom demands commonly climbed into the millions of dollars.
$2 million ransom demand from Mount Locker. (Source: Bleeping Computer)
Mount Locker’s handlers followed through on this threat after claiming to have stolen 400 GB from a victim. When the victim didn’t pay, the attackers published their information on their data leak site.
That site indicated that Mount Locker had affected four victims at the time of Bleeping Computer’s writing. Of those, the data of only one victim was available for viewing on the site.
An analysis of one sample by security researcher Michael Gillespie provided some insight into the ransomware’s encryption routine. As explained by Bleeping Computer:
Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key.
From our analysis, when encrypting files, the ransomware will add an extension in the format .ReadManual.ID. For example, 1.doc would be encrypted and renamed to 1.doc.ReadManual.C77BFF8C, as shown in the encrypted folder below.
After completing its encryption routine, the ransomware registered its extension in the Registry so that its ransom note would load every time the victim tried to open one of their encrypted files. This message contained instructions on how the victim could go about submitting their ransom payment using Tor.
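The two host artifacts described above, the `.ReadManual.<ID>` rename and the Registry extension association, are the kind of thing an incident responder can sweep for across a file listing and an exported Registry hive. The script below is an added example written here, not code from the article or from Bleeping Computer. It runs against a constructed file listing and a constructed `.reg` export embedded in the block. The ID width of 4 to 32 hex characters (the article only shows one 8-character sample, C77BFF8C), the exact Registry key the malware writes (assumed to be a plain extension key under HKEY_CLASSES_ROOT or HKCU\Software\Classes), and all sample paths are assumptions.

```python
import re
from collections import defaultdict

# Rename pattern described in the article: <original name>.ReadManual.<ID>.
# ASSUMPTION: the ID is 4-32 hex characters; the only sample on record is 8 (C77BFF8C).
MOUNT_LOCKER_EXT = re.compile(
    r"^(?P<orig>.+)\.ReadManual\.(?P<id>[0-9A-Fa-f]{4,32})$"
)

# ASSUMPTION: the association is a plain extension key; the article only says the
# extension was "registered in the Registry" so the note opens with the file.
REG_EXT_KEY = re.compile(
    r"^\[(?:HKEY_CLASSES_ROOT|HKEY_CURRENT_USER\\Software\\Classes)"
    r"\\\.ReadManual\.([0-9A-Fa-f]{4,32})\]\s*$",
    re.MULTILINE,
)

# Constructed sample data (not real victim data).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\1.doc.ReadManual.C77BFF8C",
    r"C:\Users\alice\Documents\budget.xlsx.ReadManual.C77BFF8C",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\readme.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.ReadManual.c77bff8c",
]

SAMPLE_REG_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\\.ReadManual.C77BFF8C]
@="ReadManual.C77BFF8C"
"""


def match_encrypted_name(path):
    """Return (original_name, ID) if the basename follows the rename pattern, else None."""
    basename = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = MOUNT_LOCKER_EXT.match(basename)
    if not m:
        return None
    # IDs are normalised to upper case so case differences do not split one victim ID.
    return m.group("orig"), m.group("id").upper()


def scan_listing(paths):
    """Group renamed files by the ID in their extension: {ID: [paths]}."""
    hits = defaultdict(list)
    for p in paths:
        r = match_encrypted_name(p)
        if r:
            hits[r[1]].append(p)
    return dict(hits)


def registry_extension_keys(reg_text):
    """Return the sorted, upper-cased IDs that have an extension key in a .reg export."""
    return sorted({m.group(1).upper() for m in REG_EXT_KEY.finditer(reg_text)})


def triage(paths, reg_text):
    """Combine both signals: renamed files and a matching extension key in the Registry."""
    reg_ids = set(registry_extension_keys(reg_text))
    report = {}
    for victim_id, files in scan_listing(paths).items():
        report[victim_id] = {
            "files": files,
            "registry_association": victim_id in reg_ids,
        }
    return report


if __name__ == "__main__":
    for victim_id, info in triage(SAMPLE_LISTING, SAMPLE_REG_EXPORT).items():
        print(f"ID {victim_id}: {len(info['files'])} renamed file(s), "
              f"registry association={info['registry_association']}")
        for f in info["files"]:
            print("   ", f)
```

On a live host the listing would come from a recursive directory walk and the Registry text from `reg export HKCR` or a parsed hive; a single ID across many files plus a matching extension key is a much stronger signal than either artifact alone.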
Mount Locker’s ransom note. (Source: Bleeping Computer)
Mount Locker suffered from no discernible weaknesses that made it possible for researchers to craft a free decryption utility at the time of analysis. It’s therefore up to users and organizations alike to prevent a ransomware infection from occurring in the first place.