Group-IB Reveals New Type Of Ransomware Attack Emerges, Comes In The Form Of Trojan
May 20, 2020

A study by cybersecurity firm Group-IB has revealed that a new type of ransomware attack, known as ProLock, has emerged in recent months, raising red flags among the cybersecurity community and authorities such as the FBI in the US. It comes in the form of a Trojan.

On May 17, it was reported that ProLock relies on the Qakbot banking trojan to launch the attack and asks targets for six-figure USD ransoms, paid in BTC, to decrypt the files.

The roster of victims includes local governments and financial, healthcare, and retail organizations. Among them, the attack that Group-IB considers the most notable was against ATM provider Diebold Nixdorf.

The FBI detailed that the ProLock attack initially gains access to victim networks through phishing emails, which often deliver Microsoft Word documents.

Analysis indicates that Qakbot interferes with Remote Desktop Protocol configuration and steals login credentials for systems with single-factor authentication.

Group-IB stated that the ransomware attacks ask for a total payment of 35 BTC, worth $337,750 as of press time.

Likewise, a Bleeping Computer study shows that ProLock demands an average of $175,000 to $660,000 per attack, depending on the size of the targeted network.

Brett Callow, threat analyst at Emsisoft, explained:

“ProLock is unusual in that it is written in assembly and deployed using PowerShell and shellcode. The malicious code is stored in either XML, video, or image files. Notably, the ProLock decryptor supplied by the criminals does not work correctly and corrupts data during the decryption process.”

Callow added that although Emsisoft developed a decryptor to recover victims’ data affected by ProLock without loss, the software does not remove the need to pay the ransom, as it relies on the key supplied by the criminals.

Though the techniques used by ProLock operators are similar to those of known ransomware groups that exfiltrate data, such as Sodinokibi and Maze, Group-IB clarified:

“Unlike their peers, though, ProLock operators still don’t have a website where they publish exfiltrated data from companies that refuse to pay the ransom.”

Source: Cointelegraph | Image: CPO Magazine



Ishita Bora
