A relatively new ransomware called Mount Locker is joining several other ransomware families in stealing files before encryption and demanding ransom amounts in the millions. When encrypting files, Mount Locker appends its own generated extension of “.ReadManual.ID” to each file name, where “ID” is a unique identifier based on information gathered from the infected system. What makes Mount Locker unique is that it also registers the appended file extension in the registry, so that any victim who double-clicks an encrypted file automatically opens the ransom note instead. Unfortunately, analysis by security researcher Michael Gillespie (@demonslay335) has shown that the attackers have used strong encryption, and it is not currently possible to decrypt files without the decryption key.
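A triage check for the two behaviours described above (the “.ReadManual.ID” rename and the registered file association), added here as an example and not taken from the original article or from any published analysis. The ID character set, the input formats, the function name `triage` and the sample data are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the ID is a run of letters and digits; the article gives no format.
RENAMED = re.compile(r"\.ReadManual\.([A-Za-z0-9]+)$", re.IGNORECASE)

def triage(paths, associations):
    """paths: Windows file paths from a directory listing.
    associations: {extension: open command} from a file-association export
    (hypothetical input format). Returns one finding per victim ID seen."""
    ids = Counter()
    for p in paths:
        m = RENAMED.search(PureWindowsPath(p).name)
        if m:
            ids[m.group(1).upper()] += 1
    assoc = {ext.lower().lstrip("."): cmd for ext, cmd in associations.items()}
    findings = []
    for victim_id, count in ids.most_common():
        key = victim_id.lower()
        # Windows resolves a handler from the text after the last dot, so look
        # for the bare ID as well as the full appended suffix (assumption: the
        # article does not say which form is registered).
        handler = assoc.get("readmanual." + key) or assoc.get(key)
        findings.append({"id": victim_id, "files": count,
                         "handler": handler, "hijacked": handler is not None})
    return findings

# Constructed sample data, not real indicators.
SAMPLE_PATHS = [
    r"C:\Users\a\Documents\budget.xlsx.ReadManual.4F2A91C7",
    r"C:\Users\a\Pictures\site.jpg.readmanual.4f2a91c7",
    r"C:\Users\a\notes.txt",
    r"C:\Share\ReadManual.docx",  # benign name, must not match
]
SAMPLE_ASSOC = {
    ".txt": "notepad.exe %1",
    ".4F2A91C7": r'explorer.exe "C:\PLACEHOLDER\ransom_note"',
}

if __name__ == "__main__":
    for f in triage(SAMPLE_PATHS, SAMPLE_ASSOC):
        print(f)
```

More than one ID on a single host, or a registered handler with no renamed files, is worth a closer look because the ID is described as derived from the infected system.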