A ransomware family that demands millions of dollars from victims and is being updated with new features could become another serious threat to businesses.
MountLocker ransomware first emerged in July. It encrypts victims' networks, and the attackers demand bitcoin in exchange for the decryption key. Like other forms of ransomware, the criminal hackers behind it threaten to leak information stolen from the victim organisation if the bitcoin ransom isn't paid.
Cybersecurity researchers at BlackBerry have been analysing MountLocker and say that those behind it are "clearly just warming up" - and this family of ransomware could become a major threat going forward.
Researchers note that MountLocker uses an affiliate scheme to find victims, likely negotiating with hackers who have already compromised a network with malware. This makes deployment of the ransomware as easy and widespread as possible, and gives both parties a way to illicitly make money from the network compromise.
"Affiliates are often separate organised crime groups, who go looking for easy - and not so easy - entry into networks," Tom Bonner, distinguished threat researcher at BlackBerry, told ZDNet.
"Once they have established a foothold they will begin negotiations with ransomware operators, usually via dark web channels, in order to obtain a ransomware to monetize the access to the victim's environment," he added.
While it's possible for hackers to breach the network using malware, it's common for outsiders to gain access by breaching weak, commonly used or default passwords, then escalating their privileges from there.