Sunday, February 21, 17:27
Home security FBI: Second warning for ProLock ransomware that steals data!

FBI: Second warning for ProLock ransomware that steals data!

A few days ago, the FBI issued a second warning to US companies about the ProLock ransomware, which steals date from violated networks before encrypting them systems of its victims. The notice 20200901-001 issued by the FBI on September 1 comes after the notice MI-000125-MW issued by the FBI on the same subject on May 4, 2020.

ProLock ransomware

In the previous warning, the FBI warned companies that the ProLock decryptor was not working properly and that the data would be lost, as archives over 64MB may be corrupted during the decryption process.

ProLock ransomware started its activity as PwndLocker at the end of 2019, targeting both American businesses as well as local governments. PwndLocker was renamed ProLocker last March after fixing a bug that allowed encrypted files to be freely decrypted, and began scaling back to corporate networks.


The increase in ransomware activity was most likely the result of a collaboration with the QakBot terrorist gang banking trojan, which made it much easier access in the networks of young victims. Since March 2020, ProLock ransomware operators have been extracting information from their victims' devices before developing payloads their. ProLock ransomware operators then use the stolen data as a means of persuading victims' organizations to pay ransom starting at $ 175.000 and can reach over $ 660.000, depending on the size of the breached network.

To date, ProLock has successfully encrypted the networks of organizations around the world, from various industries, including healthcare, construction, finance and law, including government agencies. USA. ProLock operators have used a variety of methods to breach their victim systems, including phishing emails, which contained malicious QakBot attachments, the use of stolen credentials and exploiting configuration flaws in target systems.

Malicious agents have been spotted archiving stolen data and uploading it to cloud storage platforms such as OneDrive, Google Drive and Mega, with its help Rclone cloud storage sync command-line tool.

ProLock ransomware-FBI alert

The FBI advises organizations affected by ProLock ransomware attacks not to pay the ransom they are being asked to pay, as it will encourage the ransomware gang to target other victims and even fund their future illegal "businesses".

However, the FBI acknowledges the damage that agencies could face in the face of such attacks and urges victims to report attacks as soon as their systems are infected with ProLock ransomware, regardless of whether they decide to pay for a decryptor or not.

warning organizations

Reporting the attack to the FBI for related information, such as phishing emails, recovered ransomware samples, ransom notes, and network traffic logs, could help prevent other attacks and identify the attackers.

In addition, the FBI recommends that US agencies back up their data periodically to an off-line / off-site backup site and keep it up to date. software to correct any security errors discovered by ProLock operators. Finally, organizations are advised to implement two-factor authentication (2FA) and disable unused RDP instances as well as automatic attachments to email clients.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...

What are the 6 most known attacks on gaming companies?

A few days ago, the gaming company Big Huge Games informed the players that it was the victim of an attack, which affected its data ...