Cybercrime, Mount Locker ransomware operation underway

Bleeping Computer: Mount Locker is a new ransomware operation underway with the double extortion scheme

It is called Mount Locker, and it is a new ransomware operation that steals victims’ files and then demands ransoms of up to multiple millions of dollars. According to Bleeping Computer cyber security experts, it started around the end of July 2020, breaching corporate networks and deploying its malware. Before encrypting files, the cybercrime hackers also steal unencrypted files and threaten victims that the data will be published on a data leak site if a ransom is not paid, in the classic double extortion scheme. Michael Gillespie, who analyzed the ransomware, said that Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key. It adds an extension in the format .ReadManual.ID. It then registers the extension in the Registry so that when you click on an encrypted file, it automatically loads the ransom note, named RecoveryManual.html.
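A defender-side check for the filename indicators described above (the `.ReadManual.ID` extension and the `RecoveryManual.html` note), added here as an example and not taken from Bleeping Computer or from the ransomware analysis. The `triage` function, the sample listing, and the assumption that the ID is a single alphanumeric token are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Extension format from the article: <original name>.ReadManual.<ID>
# Assumption: the ID is one alphanumeric token; widen the class if samples differ.
ENCRYPTED_RE = re.compile(r"^(.+)\.ReadManual\.([A-Za-z0-9]+)$", re.IGNORECASE)
NOTE_NAME = "recoverymanual.html"  # ransom note name from the article

# Constructed sample of a file listing (e.g. exported from an affected host).
SAMPLE_LISTING = r"""
C:\Users\alice\Documents\budget.xlsx.ReadManual.4F2A9C1B
C:\Users\alice\Documents\plan.docx.readmanual.4f2a9c1b
C:\Users\alice\Documents\RecoveryManual.html
C:\Shares\hr\ReadManual.txt
C:\Shares\hr\roster.csv
"""

def triage(paths):
    """Summarise Mount Locker filename indicators in an iterable of Windows paths."""
    ids = defaultdict(int)   # ID from the extension -> number of encrypted files
    originals = []           # paths the files had before the extension was appended
    note_dirs = set()        # directories that contain a ransom note
    for raw in paths:
        raw = raw.strip()
        if not raw:
            continue
        p = PureWindowsPath(raw)
        m = ENCRYPTED_RE.match(p.name)
        if m:
            # Windows names are case-insensitive, so normalise the ID.
            ids[m.group(2).upper()] += 1
            originals.append(str(p.with_name(m.group(1))))
        elif p.name.lower() == NOTE_NAME:
            note_dirs.add(str(p.parent))
    return {"ids": dict(ids), "originals": sorted(originals),
            "note_dirs": sorted(note_dirs)}

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING.splitlines())
    for key, value in report.items():
        print(key, value)
```

The `originals` list gives an inventory of which files were encrypted, which helps when scoping restores from backup.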

