The MountLocker ransomware now uses Windows Active Directory APIs to worm through networks. This week, MalwareHunterTeam released a sample of what they think is a new MountLocker executable. It includes a new worm function that enables it to propagate to other devices on the network and encrypt them.
MountLocker launched as a Ransomware-as-a-Service (RaaS) in July 2020, with developers in charge of programming the ransomware platform and payment portal, and affiliates hired to hack firms and encrypt their devices. The MountLocker core team takes a smaller cut of 20-30% of a ransom payment as part of this deal, while the affiliate gets the remainder.
Read more: BleepingComputer