Mount Locker Ransomware Aggressively Changes Up Tactics

Mount Locker Ransomware
Share It On:

24th April 2021, Kathmandu

Mount Locker group first announced their ransomware-as-a-service offering in the second half of 2020, and attacks attributed to the variant have been on the rise since. In early November 2020, an update was released broadening the types of files targeted and improving the ransomware’s ability to evade security measures. It also appears that Mount Locker may be transitioning to Astro Locker, as the verbiage and victims listed on both variants’ shaming sites share significant overlap. While it’s not too uncommon for malware to change names, this change is paired with an aggressive shift in Mount Locker’s tactics.

Traditionally, Mount Locker ransomware is known for using public tools to move laterally, steal files, and deploy encryption. Attackers deploying Mount Locker use its capabilities for double extortion of victims. Initial access vectors vary, but once a foothold is gained common tactics include the use of AdFind and Bloodhound for Active Directory and user reconnaissance, FTP for file exfiltration, and CobaltStrike for lateral movement and the delivery and execution of encryption, potentially through psExec. Critical data is staged and exfiltrated to be used as further collateral in extorting ransoms, with threats to release the data if the ransom is not paid.


Share It On:

Recent Posts

Dursikshya Education Network Successfully Concludes Finals of Discovery Education & Edutech’s National Coding Competition – Nepal Edition

Dursikshya Education Network Successfully Concludes Finals of Discovery Education &

Share It On:22nd December 2024, Kathmandu Dursikshya Education Network, in collaboration with Edutech India, Discovery Education UK, and ICT Frame

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet Dialogue

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet

Share It On:21st December 2024, Kathmandu A high-level dialogue on child online protection organized by UNICEF, in partnership with ChildSafeNet,

Support Your NPL Team With Ncell’s Exclusive PRBTs

Support Your NPL Team With Ncell’s Exclusive PRBTs

Share It On:20th December 2024, Kathmandu As the finale of the Nepal Premier League (NPL), the ‘Festival of the Himalayas,’

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Share It On: 20th December 2024, Kathmandu Garima Bikas Bank has announced its decision to offer a cash dividend to

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital Payment Users

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital

Share It On: 20th December 2024, kathmandu Citizens Bank International Limited has formed a strategic partnership with SM Dental and

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access to Assistance

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access

Share It On: 20th December 2024, kathmandu Nabil Bank Limited has rolled out a new initiative to improve customer support