You are here
Home > News > FBI: ProLock ransomware can access networks via Qakbot infections

FBI: ProLock ransomware can access networks via Qakbot infections

FBI: ProLock ransomware gains access to victim networks via Qakbot infections

The FBI has released a security alert stating that the ProLock decryptor does not often work correctly, even after ramson is paid by the victims.

ProLock ransomware which came to the frontline around March 2020, has been discovered to have been upgraded in what appears to be a plan to remain relevant for a long time to further perpetuate its attack more brutally and following the footsteps of Pwndlocker, seen imposing ransoms in huge figures on its victims and has now teamed up with Qakbot banking trojan to intrust into networks.

Also, in March 2020 saw Pwndlocker hit the networks of various public and private entities within the US demanding ransom amount as high as $650, 000  from the biggest of its victims. ProLock was developed just like Pwndlocker with better features which may lead to victims paying a higher ransom.

The FBI disclosed that hackers malicious gained access with ProLock ransomware into the various company’s hacked networks using Qakbot trojan. This ransomware strain is manually installed on hacked company’s networks with hackers taking over the control of an infected network after breaching the network, then deploys the ransomware after a successful breach.

The FBI’s security alert reveals that victims may likely lose their important files that are above 64MB in size and can lead to file value loss of around 1 byte/Kb above 100MB even after the affected host pay a hefty financial ransom. Group-IB also reported that hackers have been able to successfully made gains with ProLock being used to breach government entities, online retail stores, healthcare service providers, and financial institutions.

Both FBI and Group-IB has advised organizations against leaving computers within a company that has suffered a Qakbot infection within the network hosting other computers to block it from being used as a vulnerable pathway to spread the malware that would lead to heavier financial and security consequences.

Secureblitz security team advises all organizations and online retail businesses to treat all cybersecurity threats by updating all systems and software with original product patches, consistently run an up-to-date system backup to avoid vulnerability which can lead to heavy casualty.

RELATED POSTS

John Raymond
Latest posts by John Raymond (see all)

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
Enable Notifications    OK No thanks