A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting.
According to BleepingComputer, the ransomware operators are demanding multi-million dollar ransoms.
Like other ransomware operators, Mount Locker started targeting corporate networks, it has been active since the end of July 2020.
“From ransom notes shared with BleepingComputer by victims, the Mount Locker gang is demanding multi-million dollar ransom payments in some cases.” reported BleepingComputer.
In one of the attacks attributed to the group, the gang stole 400 GB of data from the victim and threatened it to share them with the its competitors, the media outlets, and TV channels, if the ransom is not paid.
The victim decided to not pay the ransom and the group published its data on its data leak site.
Currently, the data leak site includes the name of other alleged victims, and for one of them, it contained the leaked files.
Recently the ransomware operators claimed to have stolen the files from ThyssenKrupp System Engineering, from security company Gunnebo, and the provider of Nitonol components Memry, and Makalot.
According to the popular malware researchers Michael Gillespie, the Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key.
The malware appends the extension .ReadManual.ID to the filenames of the encrypted files.
The ransom note, named RecoveryManual.html, includes instructions on how to access a Tor site, which is a chat service, that allows victims to communicate with the ransomware operators.
Experts confirmed that the encryption process implemented by the ransomware is not affected by any flaw, this means that it is not possible to recover the victims’ files for free.
(SecurityAffairs – hacking, ransomware)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.