Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now
  • Blog
    • /
  • Ransomware
    • /
  • MountLocker Ransomware Provides a Glimpse into What’s Next in Ransomware-as-a-Service

MountLocker Ransomware Provides a Glimpse into What’s Next in Ransomware-as-a-Service

Stu Sjouwerman | Dec 18, 2020

MountLocker RAnsomware Provides Ransomware-as-a-ServiceThis family of ransomware is growing in popularity with affiliates, providing them with two attack variants and appears to be establishing a new “as-a-service” business model.

Hot on the heels of the news of Maze ransomware “retiring” last month, security researchers are seeing trends in other ransomware families that may provide insight into what you should expect to see in the new year.

According to BlackBerry’s Research and Intelligence Team, the ransomware to keep an eye on is MountLocker. Offered as Ransomware-as-a-Service, MountLocker has been around since July. But it’s tactics and how it partners with affiliates has researchers concerned.

First there’s the tactics. MountLocker can operate in two fashions – one that targets 2600 file extensions to encrypt, and another that simply excludes 14 specific extensions, leaving everything else to be encrypted.

Next there’s the very unique affiliate relationship MountLocker has with its cybercriminal partners. It appears that rather than affiliates signing up to use the ransomware and then attacking, MountLocker’s affiliates do the opposite. According to BlackBerry, threat actors breach a network, then negotiate with MountLocker on the affiliate fees, resuming attacks once a fee is negotiated. Additionally, MountLocker also engages in “blackmail and extortion tactics” working in conjunction with their affiliates (who are also performing the same actions) to double the offensive in the hopes of collecting a ransom from the victim organization.

Cybercriminal organizations are getting more organized, are developing crafty partnerships and business models that – like any legitimate business – work to increase “revenues.”

BlackBerry says MountLocker is “just warming up” meaning they expect to see more of this ransomware family into 2021.

As with most attacks, the threat actors need a way in. Even today, it still boils down to RDP access (which you can disable and simply not use) and successful phishing attacks (which can be materially reduced through the use of Security Awareness Training to increase user vigilance when interacting with email and the web).

Topics: Ransomware

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Stu Sjouwerman

ABOUT STU SJOUWERMAN

Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

Read more from Stu »

Subscribe the KnowBe4 Blog

Version_2F_225x600

Posts By Topic

View all topics >