Tuesday, October 27, 11:46

Mount Locker: Another ransomware that demands multimillion-dollar ransoms from its victims

Researchers have discovered a new, currently active ransomware operation called "Mount Locker". The hackers behind it steal their victims' files before encrypting them and then demand a ransom of several million dollars.

Since the end of July, the Mount Locker gang has been breaching corporate networks and deploying its ransomware on them. Ransom notes shared by victims with BleepingComputer show that in some cases the Mount Locker gang asks its victims to pay a multimillion-dollar ransom.


Before encrypting files, Mount Locker steals them in unencrypted form and threatens victims that the data they contain will be leaked if the victim refuses to pay the required ransom.

For example, the Mount Locker gang told one victim that they had stolen 400 GB of data, which would be leaked to the victim's competitors, the media, television and newspapers if the victim did not pay the ransom. In the end the victim did not pay, and the stolen data was published on the ransomware's data leak site. This site currently lists four victims, of which only one has leaked files.


MalwareHunterTeam recently discovered a sample of Mount Locker, which provided an overview of how the ransomware works.

Michael Gillespie, who analyzed the ransomware, said Mount Locker uses ChaCha20 for file encryption and an embedded RSA-2048 public key to encrypt the encryption key. When encrypting files, the ransomware appends an extension in the format .ReadManual.ID. For example, 1.doc is encrypted and renamed to 1.doc.ReadManual.C77BFF8C.


The ransomware then registers the extension in the Registry so that when the victim clicks on an encrypted file, the ransom note is opened automatically. The note is named RecoveryManual.html and contains instructions on how to access a Tor site for communicating with the ransomware operators.
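
The file-naming pattern and ransom note name described above can be used to triage a file listing collected from a host. The following is an added example, not code from the original article or from the researchers it cites. It assumes the ID is eight hexadecimal digits, inferred from the single example in the text; the function names and the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming pattern from the article: <original>.ReadManual.<ID>.
# Assumption: the ID is 8 hex digits, inferred from the single example
# (1.doc.ReadManual.C77BFF8C). Windows file names are case-insensitive.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.ReadManual\.(?P<id>[0-9A-F]{8})$", re.I)
RANSOM_NOTE = "recoverymanual.html"  # note name from the article, lower-cased


def triage(paths):
    """Return (by_id, note_dirs) for an iterable of Windows file paths."""
    # by_id: upper-cased ID -> [(directory, original name)];
    # note_dirs: directories that contain the ransom note.
    by_id, note_dirs = defaultdict(list), set()
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == RANSOM_NOTE:
            note_dirs.add(str(p.parent))
        elif (m := ENCRYPTED_RE.match(p.name)):
            by_id[m["id"].upper()].append((str(p.parent), m["original"]))
    return dict(by_id), note_dirs


def summarize(paths):
    """Per ID: renamed-file count, affected directories, note co-location."""
    by_id, note_dirs = triage(paths)
    return {
        vid: {"files": len(hits),
              "dirs": sorted({d for d, _ in hits}),
              "note_present": any(d in note_dirs for d, _ in hits)}
        for vid, hits in by_id.items()
    }


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\1.doc.ReadManual.C77BFF8C",
    r"C:\Users\alice\Documents\budget.xlsx.readmanual.c77bff8c",
    r"C:\Users\alice\Documents\RecoveryManual.html",
    r"C:\Users\alice\Documents\ReadManual.txt",   # benign: no ID suffix
    r"D:\share\plan.pdf.ReadManual.C77BFF8C",
    r"D:\share\notes.ReadManual.draft",           # benign: ID is not hex
]

if __name__ == "__main__":
    for vid, info in summarize(SAMPLE).items():
        print(vid, info)
```

Grouping by ID shows how many files and directories were renamed under the same identifier, and the recovered original names help scope what needs to be restored from backup.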

