ProLock Ransomware

Detected in March 2020, ProLock Ransomware is a newly identified “human-operated” file-encrypting Windows strain. ProLock is the successor of another ransomware strain, “PwndLocker”, which had a flaw in its code that let victims decrypt data without having to pay a ransom.

The designers of the malware upgraded the malicious code of PwndLocker and renamed it ProLock. Since it was first identified, ProLock has been seen hitting organizations globally. The malware is also reportedly targeting healthcare organizations, retailers, financial institutions, and government entities.

Researchers found that even after a ransom is paid, the ProLock decryptor could corrupt files on a system.

Read SISA’s security advisory to understand the history, background, and recent developments concerning ProLock Ransomware.

The advisory covers complete details about the attack patterns and Indicators of Compromise (IoCs) of the ransomware. It then gives a few security best practices to keep ProLock from intruding into information systems and illegally encrypting data.
