The current global shift to remote working has become an opportunity for cyber attackers. Security researchers at SISA have been observing persistent ransomware activity around the world, and we have now identified another file-encrypting malware disrupting enterprises in Taiwan.
ColdLock is a newly identified ransomware strain that reportedly focuses on encrypting the databases and email servers of victim organizations. The malware uses typical intrusion channels to infect its targets and may be linked to several notorious threat groups.
Read SISA’s advisory to get more information on ColdLock ransomware.
The advisory covers the background, attack patterns, and Indicators of Compromise (IoCs) of ColdLock ransomware in detail. It then lists security best practices to prevent ColdLock from intruding into information systems and encrypting critical data files.
This technical advisory was proposed and researched by Priyanka.D, Security Analyst at SISA’s Synergistic-SOC.