FBI: ProLock ransomware gains access to victim networks via Qakbot infections

published 18.05.2020 12:08

Image of article 'FBI: ProLock ransomware gains access to victim networks via Qakbot infections'

Taking into account the FBI and Group-IB reports, this now also means that computers inside an organization that have been found to be infected with Qakbot must be isolated from the rest of the network as soon as possible, as they can serve as entry points for a ransomware gang.

At the time of writing, it is unclear if the ProLock ransomware was created and managed by the Qakbot gang, or if the ProLock gang rents access to Qakbot-infected hosts part of a Crimeware-as-a-Service scheme.

In the case of ProLock, the FBI says this group gains access to hacked networks via the Qakbot (Qbot) trojan.

Image: FBI, ZDNet, Florian Krumm The FBI has issued a security alert earlier this month about a new ransomware strain named ProLock that has been deployed in intrusions at healthcare organizations, government entities, financial institutions, and retail organizations.

ProLock decrypter not working properly In addition to warning about the relationship between Qakbot and ProLock, the FBI also warned victims about bugs in the ProLock decrypter, the app the ProLock gang provides victims in order to decrypt their files after paying the ransom.