The ProLock ransomware follows a specific strategy when choosing its victims. This strategy is called “Big Game Hunting,” which refers to the fact that the group only attacks large companies.
By targeting large companies or government networks, the attackers are able to extract large payouts from the victims.
ProLock was already active by the end of 2019, but under the name PwndLocker. In March 2020, researchers discovered a bug in the ransomware and made a decryptor available for free.
After that, the group updated its ransomware to fix the known bugs, resulting in a more powerful version that became known as ProLock.
According to security researchers, the ProLock ransomware uses the Qakbot Trojan horse to break into the system. Spam campaigns and malicious emails are the most common entry points for Qakbot.
Once the environment is compromised and the ransomware is launched to encrypt data on a host, the group aims to reach nearby computers to cause maximum damage.
This maneuver, called lateral movement, can rely on the Windows vulnerability CVE-2019-0859 to gain administrator-level access on infected hosts.
ProLock can use the credentials obtained with that access to move laterally across a network via RDP, giving it a wider reach that can cause a great deal of damage to the system and, consequently, to the functioning of an organization.
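A defensive illustration of the RDP lateral movement described above, added here and not part of the original article: it flags a source address that opens RDP sessions (Windows Security event 4624, logon type 10) on several hosts within a short window. The event records, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # RemoteInteractive logon in Security event 4624

# Constructed sample records (not from a real incident), shaped like exported 4624 events.
EVENTS = [
    {"TimeCreated": "2020-05-04T02:10:05", "Computer": "FS01", "EventID": 4624,
     "LogonType": 10, "IpAddress": "10.0.5.23", "TargetUserName": "svc_admin"},
    {"TimeCreated": "2020-05-04T02:11:30", "Computer": "PRINT01", "EventID": 4624,
     "LogonType": 3, "IpAddress": "10.0.5.23", "TargetUserName": "svc_admin"},
    {"TimeCreated": "2020-05-04T02:13:40", "Computer": "DB02", "EventID": 4624,
     "LogonType": 10, "IpAddress": "10.0.5.23", "TargetUserName": "svc_admin"},
    {"TimeCreated": "2020-05-04T02:19:12", "Computer": "HR-PC07", "EventID": 4624,
     "LogonType": 10, "IpAddress": "10.0.5.23", "TargetUserName": "svc_admin"},
    {"TimeCreated": "2020-05-04T09:00:00", "Computer": "FS01", "EventID": 4624,
     "LogonType": 10, "IpAddress": "10.0.1.10", "TargetUserName": "it_ops"},
    {"TimeCreated": "2020-05-04T14:30:00", "Computer": "DB02", "EventID": 4624,
     "LogonType": 10, "IpAddress": "10.0.1.10", "TargetUserName": "it_ops"},
]

def rdp_fanout(events, min_hosts=3, window=timedelta(minutes=15)):
    """Return {source_ip: sorted hosts} for sources that opened RDP sessions
    on at least min_hosts distinct machines inside one sliding time window."""
    by_source = defaultdict(list)
    for ev in events:
        # Only successful logons of the RDP type count; network logons (type 3) are ignored.
        if ev["EventID"] == 4624 and ev["LogonType"] == RDP_LOGON_TYPE:
            when = datetime.fromisoformat(ev["TimeCreated"])
            by_source[ev["IpAddress"]].append((when, ev["Computer"]))
    alerts = {}
    for src, logons in by_source.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Shrink the window from the left until it spans at most `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {host for _, host in logons[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(set(alerts.get(src, [])) | hosts)
    return alerts

if __name__ == "__main__":
    for src, hosts in rdp_fanout(EVENTS).items():
        print(f"RDP fan-out from {src}: {', '.join(hosts)}")
```

The threshold and window need tuning per environment, since administrative jump hosts legitimately reach many machines and are better handled with an allowlist.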
The ProLock group typically asks for ransoms ranging from 35 to 90 BTC (from $400,000 to $1,000,000 USD), and the trend is for these amounts to increase in coming attacks.
Digital Recovery has 23 years of experience in the data recovery market. We have managed to develop unique solutions that allow us to recover data encrypted by ransomware.
Because we understand the damage that data loss can do to its victims, our team of engineers is ready to respond to any incident quickly and efficiently. We provide remote solutions for most services, preventing future damage.
With Digital Recovery, all information is legally regulated in accordance with the General Data Protection Regulation (GDPR). We have drawn up our own confidentiality agreement (NDA), which will ensure that information is not exposed.
We can guarantee a fast, personalised and efficient service. Don’t waste time, talk to our team of experts and recover your data.