Mount Locker Ransomware Demanding Ransom Payments in the Millions

6 years ago David Bisson

A new ransomware strain called “Mount Locker” is demanding that victims pay multi-million dollar ransom payments to recover their data.

According to Bleeping Computer, the ransomware first began making the rounds in July 2020.

The malicious actors responsible for this threat took a cue from other crypto-malware gangs by stealing victims’ unencrypted data and threatening to publish the data unless they received payment.

In the case of Mount Locker, ransom demands sometimes climbed into the millions of dollars.

$2 million ransom demand from Mount Locker. (Source: Bleeping Computer)

Mount Locker’s handlers followed through on this threat after claiming to have stolen 400 GB from a victim. When the victim didn’t pay, the attackers published their information on their data leak site.

That site indicated that Mount Locker had affected four victims at the time of Bleeping Computer’s writing. Of those, the data of just one victim was available for viewing on the site.

An analysis of one sample by security researcher Michael Gillespie provided some insight into the ransomware’s encryption routine. As explained by Bleeping Computer:

Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key.

From our analysis, when encrypting files, the ransomware will add an extension in the format .ReadManual.ID. For example, 1.doc would be encrypted and renamed to 1.doc.ReadManual.C77BFF8C, as shown in the encrypted folder below.

After completing its encryption routine, the ransomware registered its extension in the Registry so that its ransom note would load whenever the victim attempted to open one of their encrypted files. This message contained instructions on how the victim could submit their ransom payment using Tor.

Mount Locker’s ransom note. (Source: Bleeping Computer)
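For incident scoping, the renaming scheme quoted above can be matched against a file listing to find affected directories and recover the original file names. The following is an added example, not code from the original article or from Bleeping Computer; it assumes the ID is eight hexadecimal digits (inferred from the single example C77BFF8C), and the function names and sample paths are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Suffix format reported on this page: <original name>.ReadManual.<ID>
# Assumption: the ID is 8 hex digits, inferred from the one example C77BFF8C.
# Windows file names are case-insensitive, so the match ignores case.
SUFFIX_RE = re.compile(
    r"^(?P<orig>.+)\.ReadManual\.(?P<id>[0-9A-F]{8})$", re.IGNORECASE
)

def parse_encrypted_name(path):
    """Return (directory, original_name, id) or None if the name does not match."""
    directory, name = ntpath.split(path)  # ntpath parses Windows paths on any OS
    m = SUFFIX_RE.match(name)
    if not m:
        return None
    return directory, m.group("orig"), m.group("id").upper()

def triage(paths):
    """Group matching files by ID so responders can scope affected directories."""
    by_id = defaultdict(lambda: {"count": 0, "dirs": set(), "originals": []})
    for p in paths:
        hit = parse_encrypted_name(p)
        if hit is None:
            continue
        directory, orig, vid = hit
        entry = by_id[vid]
        entry["count"] += 1
        entry["dirs"].add(directory)
        entry["originals"].append(ntpath.join(directory, orig))
    return dict(by_id)

# Constructed sample listing (not taken from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\1.doc.ReadManual.C77BFF8C",
    r"C:\Users\alice\Documents\budget.xlsx.readmanual.c77bff8c",
    r"C:\Users\alice\Documents\notes.txt",
    r"D:\Share\HR\ReadManual.pdf",             # benign name, no ID suffix
    r"D:\Share\HR\plan.docx.ReadManual.C77BFF8C",
    r"D:\Share\HR\plan.docx.ReadManual.XYZ",   # wrong ID shape, ignored
]

if __name__ == "__main__":
    for vid, info in triage(SAMPLE_LISTING).items():
        print(vid, info["count"], sorted(info["dirs"]))
```

The list of original names per ID gives a restore checklist to compare against backups.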

At the time of analysis, Mount Locker had no discernible weaknesses that would allow researchers to craft a free decryption utility. It’s therefore up to users and organizations alike to prevent a ransomware infection from occurring in the first place.

The post “Mount Locker Ransomware Demanding Ransom Payments in the Millions” appeared first on TripWire.

Source: TripWire – David Bisson

Tags: Encryption, Malware, Ransomware, TripWire
