
Mount Locker Ransomware

Posted: September 25, 2020

The Mount Locker Ransomware is a file-locking Trojan whose campaigns target corporate networks. Attackers deploying this threat may, in addition to encrypting the victim's files, steal data and leak it publicly if the ransom goes unpaid. Users still should avoid paying, if practical, and recover from any backups after removing the Mount Locker Ransomware with professional anti-malware tools.

A Mountain's Worth of Data Theft with a Peak Topped by Extortion

By itself, blocking files isn't always enough leverage for twisting victims into doing what the hacker wants. Some threat actors are 'stepping up their game' unpleasantly by adding extra dangers to their file-locking Trojans' campaigns. The financial and privacy problems involved tend to compound in higher-end targets, such as the corporate entities preferred by the young Mount Locker Ransomware.

The Mount Locker Ransomware is a custom threat run by attackers operating under the same name, who maintain TOR site infrastructure with a chat feature for victims. Much like the SunCrypt Ransomware, the Trojan blocks files with a genuinely secure encryption routine and includes warnings of leaking data. A dedicated Mount Locker Ransomware website displays 'leaks' of victims' servers' contents for those who choose, as malware experts always recommend, not to pay.

The use of an RSA key alongside its ChaCha20 encryption ensures that victims face a difficult decision, since third parties can't restore their files.

The Mount Locker Ransomware has another feature that isn't common among Trojans of its kind: it adds a Registry entry that causes the ransom note to appear whenever the victim opens a 'locked' file. Locked files are identifiable by their extensions, made up of 'ReadManual' and a unique ID string.
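A defender-side check for the file-association trick described above, added here as an example and not code from the article or from the Trojan: it lists extension keys whose name contains 'ReadManual' (the article's string; the exact key layout and the hives searched are assumptions) and reports the open command each one resolves to, so the entry can be preserved for forensics before cleanup.

```powershell
# Added example: hunt for file-type associations that route "opening" a file
# to a ransom note. Assumptions: the locked-file extension contains
# 'ReadManual' (per the article) and the association lives under
# HKLM:\SOFTWARE\Classes or HKCU:\SOFTWARE\Classes. Run elevated on the host.

function Find-SuspiciousFileAssociations {
    param(
        [string]$ExtensionPattern = 'ReadManual',
        [string[]]$Hives = @('HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes')
    )
    foreach ($hive in $Hives) {
        if (-not (Test-Path $hive)) { continue }
        # Extension keys start with a dot, e.g. '.ReadManual.<ID>' (assumed layout)
        Get-ChildItem -Path $hive -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like ".*$ExtensionPattern*" } |
            ForEach-Object {
                $extKey = $_
                # Handler may sit directly under the extension key...
                $directCmd = Join-Path $extKey.PSPath 'shell\open\command'
                $command = $null
                if (Test-Path $directCmd) {
                    $command = (Get-ItemProperty -Path $directCmd -ErrorAction SilentlyContinue).'(default)'
                }
                # ...or under the ProgID named by the extension key's default value
                $progId = (Get-ItemProperty -Path $extKey.PSPath -ErrorAction SilentlyContinue).'(default)'
                if (-not $command -and $progId) {
                    $progCmd = Join-Path $hive "$progId\shell\open\command"
                    if (Test-Path $progCmd) {
                        $command = (Get-ItemProperty -Path $progCmd -ErrorAction SilentlyContinue).'(default)'
                    }
                }
                [pscustomobject]@{
                    Hive        = $hive
                    Extension   = $extKey.PSChildName
                    ProgId      = $progId
                    OpenCommand = $command
                }
            }
    }
}

# An OpenCommand that launches a text or HTML file instead of a real handler
# is the indicator to record (export the key) before remediating the host.
Find-SuspiciousFileAssociations | Format-Table -AutoSize
```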

Scaling Mountainous Problems in Software

The Mount Locker Ransomware's campaigns adjust their ransoms to their victims, presumably according to how valuable the compromised server's data is. Victims are receiving demands for millions of dollars in some instances, although paying still carries the same risk as always: that the threat actor takes the money and refuses the decryption service. Malware experts also confirm that the Mount Locker Ransomware's threat actor follows through on the warning of leaking data to a publicly-viewable site, which only raises the stakes of an attack.

Workers should protect their systems appropriately through standardized security practices, including:

  • Avoiding weak passwords, which are at risk in brute-force or dictionary attacks
  • Updating server software, when appropriate, for removing patchable vulnerabilities
  • Maintaining the principle of least privilege for user accounts
  • Being careful around e-mail-based content, such as potential phishing lures and corrupted attachments (esp. documents or spreadsheets with macros)

Proper backup standards are also an essential fallback for recovering any files.

The Mount Locker Ransomware's admins are playing a high-stakes game that matches their victims' extreme funding. Businesses with the resources for paying their ransoms should have even more ready to put towards infection prevention and attack containment, lest they pay a terrible price.
