Recently surfaced ransomware group, XingLocker utilizing a customized MountLocker ransomware executable. This latest MountLocker operation uses Windows Active Directory API for launching worms through various networks.
MalwareHunter Team recently shared a prototype of this new MountLocker executable. It showcases how a worm feature spreads inside the network and encrypts other devices.
In April 2021, the Astro Locker ransomware group developed a customized version of MountLocker. It is said that there’s a connection between the Astro Locker team and MountLocker one.
In March 2021, the MountLocker gang also threatened to expose the stolen data of 2TB of a shipping firm, ECU worldwide.
To Read More: Cyware