XingLocker Spreading Worm Using MountLocker

XingLocker Spreading Worm Using MountLocker

Recently surfaced ransomware group, XingLocker utilizing a customized MountLocker ransomware executable. This latest MountLocker operation uses Windows Active Directory API for launching worms through various networks. 

MalwareHunter Team recently shared a prototype of this new MountLocker executable. It showcases how a worm feature spreads inside the network and encrypts other devices.

In April 2021, the Astro Locker ransomware group developed a customized version of MountLocker. It is said that there’s a connection between the Astro Locker team and MountLocker one.

In March 2021, the MountLocker gang also threatened to expose the stolen data of 2TB of a shipping firm, ECU worldwide.

To Read More: Cyware