Mount Locker Ransomware Aggressively Changes Up Tactics


24th April 2021, Kathmandu

The Mount Locker group first announced its ransomware-as-a-service offering in the second half of 2020, and attacks attributed to the variant have been on the rise since. In early November 2020, an update was released that broadened the types of files targeted and improved the ransomware's ability to evade security measures. It also appears that Mount Locker may be transitioning to Astro Locker, as the verbiage and victims listed on both variants' shaming sites overlap significantly. While it is not uncommon for malware to change names, this change is paired with an aggressive shift in Mount Locker's tactics.

Traditionally, Mount Locker ransomware is known for using public tools to move laterally, steal files, and deploy encryption. Attackers deploying Mount Locker use its capabilities for double extortion of victims. Initial access vectors vary, but once a foothold is gained, common tactics include the use of AdFind and BloodHound for Active Directory and user reconnaissance, FTP for file exfiltration, and Cobalt Strike for lateral movement and the delivery and execution of encryption, potentially through PsExec. Critical data is staged and exfiltrated to be used as further leverage in extorting ransoms, with threats to release the data if the ransom is not paid.
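For defenders, the tool chain above can be hunted as a sequence rather than as isolated alerts. The following is an added example, not code from the article or any vendor: it correlates process-creation events per host and flags hosts where at least two of the tool categories appear within a short window. The image names, event format, window, threshold, and sample events are assumptions constructed for illustration; Cobalt Strike is omitted because it has no fixed process name.

```python
from datetime import datetime, timedelta

# Default image names for the tool categories named in the article.
# Assumption: binaries keep their default names; renamed copies will not match.
STAGES = {
    "adfind.exe": "recon",
    "sharphound.exe": "recon",   # BloodHound's collector
    "ftp.exe": "exfil",
    "psexec.exe": "lateral",
    "psexesvc.exe": "lateral",   # service PsExec installs on the target
}

# Constructed process-creation events: (timestamp, host, image path).
SAMPLE_EVENTS = [
    ("2021-04-20T09:00:00", "WS01", r"C:\Users\Public\AdFind.exe"),
    ("2021-04-20T09:20:00", "WS01", r"C:\Windows\System32\ftp.exe"),
    ("2021-04-20T09:45:00", "WS01", r"C:\Users\Public\PsExec.exe"),
    ("2021-04-20T10:00:00", "WS02", r"C:\Windows\System32\ftp.exe"),
    ("2021-04-20T08:00:00", "WS03", r"C:\Tools\AdFind.exe"),
    ("2021-04-21T15:00:00", "WS03", r"C:\Tools\PsExec.exe"),
]

def correlate(events, window=timedelta(hours=2), min_stages=2):
    """Return {host: sorted stage list} for hosts where at least
    min_stages distinct stages occur inside one sliding window."""
    per_host = {}
    for ts, host, image in events:
        # Reduce the path to a lowercase file name before lookup.
        name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        stage = STAGES.get(name)
        if stage:
            per_host.setdefault(host, []).append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct stages seen within `window` of this starting event.
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) >= min_stages and len(seen) > len(alerts.get(host, [])):
                alerts[host] = sorted(seen)
    return alerts

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(host, stages)
```

A lone `ftp.exe` run (WS02) or tools spread more than a day apart (WS03) stay below the threshold, which keeps ordinary admin use of any single tool from alerting on its own.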

