Using well-known, typical intrusion tactics, the operators of ProLock ransomware have been able to carry out a large number of attacks, at an average rate of nearly one attack per day. Initially, ProLock was named PwndLocker and came with a bug that allowed victims to unlock their files for free. After that failure, the operators fixed the flaw and renamed it ProLock. Since the rebranding in March 2020, the ProLock operators have increased their activity and are demanding larger ransoms. The operators have no preference for particular targets or sectors, as long as the targeted companies can pay larger ransoms. Currently, they are demanding an average of $1.8 million USD from companies in Europe and North America. Over the past six months, the cybersecurity firm Group-IB has detected more than 150 ProLock operations, with the most recent victim being asked for 225 Bitcoins (currently around $2,322,472 USD). ProLock's tactics, techniques, and procedures are simple and effective: the operators have partnered with the Qakbot (QBot) banking trojan to gain initial access. Qakbot allows the ProLock operators to map networks, move laterally, and then deploy the ransomware on the most critical computer systems all at once.