
MongoLock Ransomware

Posted: December 17, 2018

The MongoLock Ransomware is a Trojan wiper that uploads your media to an external server and deletes the local copies. The MongoLock Ransomware uses these attacks as its leverage for demanding ransom payments through cryptocurrency. Users should save backups on other devices for keeping the risk from infections to a minimum and let their anti-malware products uninstall the MongoLock Ransomware.

Trojans with More than Encryption in Their Arsenal

A Trojan campaign is, unexpectedly, dispensing with the standard technique of encrypting its victims' media as a bargaining mechanism for ransoms. Instead, the new MongoLock Ransomware uses more comprehensive attacks than enciphering data, up to wiping and reformatting the PC's entire drive. However, before doing so, it takes one important, extra step for giving its criminals control over that data.

Like nearly all ransom-based Trojans, the MongoLock Ransomware is a Windows executable. The MongoLock Ransomware incorporates UPX packing into its self-defenses for hiding from threat-detecting databases, although its success rate isn't very impressive. One of its first actions is to silently upload the user's database files to an external C&C server that the threat actor controls. Once the MongoLock Ransomware finishes preserving them in this fashion, it starts deleting or 'wiping' them securely and finalizes the effort by reformatting the hard drive.

Surprisingly, the MongoLock Ransomware asks for no more than 0.1 Bitcoins (around three hundred USD) in return for restoring the lost media. This cost is much cheaper than the similar ransoming efforts that malware experts expect from high-level threats, although the victims should still strive to avoid paying it. Although its wallet is active, none of its transactions correlate to ransom payments, as of mid-December.

Guarding against a Campaign of File-Funneling

The MongoLock Ransomware's name is a reference to its infection vectors, which strike at unsecured MongoDB databases. This niche targeting of specific data types is, most likely, what makes its uploading feature practical, since a file-locker Trojan could hinder itself by uploading large volumes of widely varying media types and slowing its attack unnecessarily. Malware experts aren't noting any incidents involving spam e-mails or similar strategies for compromises and suspect that the MongoLock Ransomware's threat actors are using server-scanning utilities opportunistically.

Preventing remote access to your database is effective against the MongoLock Ransomware attacks, for now. Some of the guidelines server administrators should implement include encrypting both incoming and outgoing communications, limiting account privileges appropriately, disabling server-side JavaScript operations, and tracking system events, among others. More than one out of every two anti-malware programs is detecting this threat accurately, and credible anti-malware solutions are the recommended method for removing the MongoLock Ransomware infections.
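As an added illustration (not from the original article or from any analysis of the Trojan itself), the two mongod.conf fragments below show an internet-exposed MongoDB instance of the kind these scanners find, followed by the same server with the guidelines above applied. The bind addresses, certificate and log paths are placeholders, and the auditLog section only works on MongoDB Enterprise builds.

```yaml
# WEAK: the shape of an opportunistically scannable MongoDB server
# (constructed illustration; every address and path is a placeholder)
net:
  bindIp: 0.0.0.0            # listens on every interface, reachable from the internet
  port: 27017
# no security section at all: no authentication required, server-side
# JavaScript allowed, cleartext traffic, and no event tracking

---
# HARDENED: the same server with the guidelines from the text applied
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the internal app subnet only (placeholder)
  port: 27017
  tls:
    mode: requireTLS                          # encrypt incoming and outgoing connections
    certificateKeyFile: /etc/ssl/mongodb.pem  # placeholder path (MongoDB 4.2+; older releases use net.ssl)
    CAFile: /etc/ssl/ca.pem                   # placeholder path
security:
  authorization: enabled       # every client authenticates; grant least-privilege roles per database
  javascriptEnabled: false     # disables server-side JavaScript ($where, mapReduce)
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log   # placeholder path
  logAppend: true
auditLog:                      # event tracking for logins, role changes and DDL; Enterprise only
  destination: file
  format: JSON
  path: /var/log/mongodb/audit.json   # placeholder path
```

Pair the hardened file with a host firewall rule that limits port 27017 to the same subnet, since the bind list alone does not stop traffic that reaches a listed address.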

The MongoLock Ransomware is a creative implementation of what's a vanilla attack for most Trojans. The extra spice of having one's files uploaded to another server is, however, a flavor that no server admin needs to experience.
