Names | ProLock PwndLocker | |
Category | Malware | |
Type | Ransomware, Big Game Hunting | |
Description | (ZDNet) In most of the incidents analyzed by security researchers, the ProLock ransomware was deployed on networks that have been previously infected with the QakBot trojan. The Qakbot trojan is distributed via email spam campaigns or is dropped as a second-stage payload on computers previously infected with the Emotet trojan. System administrators who find computers infected with either of these two malware strains should isolate systems and audit their networks, as the ProLock gang could be already wandering around their systems. | |
Information | <https://www.zdnet.com/article/prolock-ransomware-everything-you-need-to-know/> <https://www.group-ib.com/whitepapers/prolock.html> <https://news.sophos.com/en-us/2020/07/27/prolock-ransomware-gives-you-the-first-8-kilobytes-of-decryption-for-free/> <https://nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-reveals-the-evolution-of-a-threat/> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0654/> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.pwndlocker> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:prolock> |
Last change to this tool card: 30 December 2022
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Mallard Spider | [Unknown] | 2008-Dec 2020 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |