
ProLock ransomware is another version of PwndLocker and has been active since March 2020. This ransomware began its activity in late 2019 (after the discovery of a crypto bug in that malware). ProLock has recently been targeting the networks of large firms and demanding large ransoms.
Propagation methods
- Spreads through weak RDP credentials and phishing, and uses unique defense evasion procedures.
- Payload is usually hidden in BMP and JPG files.
- Uses the CVE-2019-0859 Windows vulnerability to gain administrative-level access.
- Uses the Mimikatz tool to steal credentials from compromised systems.
Qakbot and ProLock
Recently, the Qakbot Trojan has worked hand in hand with ProLock ransomware to access victims' networks.
