MorLock Ransomware Targets Organizations, Stealing Business Data

Home/BOTNET, Compromised, Exploitation, Internet Security, Mobile Security, Ransomware, Security Advisory, Security Update/MorLock Ransomware Targets Organizations, Stealing Business Data

MorLock Ransomware Targets Organizations, Stealing Business Data

The MorLock ransomware group has escalated its assaults on Russian businesses, resulting in disruptions and financial setbacks. Identified at the start of 2024, this group has already infiltrated nine medium to large Russian companies.

MorLock Ransomware

MorLock has rapidly emerged as one of the most prolific cyber gangs focusing on Russian entities.

Deploying advanced ransomware strains like LockBit 3 (Black) and Babuk, MorLock’s tactics are marked by stealth and financial incentives, despite efforts to distance themselves from political motives.

FACCT has identified the emergence of a new criminal outfit named MorLock ransomware.

MorLock’s strategy entails exploiting vulnerabilities in public applications and obtaining compromised credentials, often sourced from dark web marketplaces like the Russian Market.

Their meticulous planning involves disabling Russian corporate antivirus systems through administrative access, facilitating the unhindered propagation of their ransomware throughout the victim’s network.

MorLock utilizes an extensive arsenal of tools, comprising:

LockBit 3 (Black) and Babuk: Core ransomware tools employed for data encryption.

Sliver and Godzilla web-shells: For ensuring persistence and control over compromised systems.

SoftPerfect Network Scanner and PingCastle: Utilized for network reconnaissance purposes. PsExec and

AnyDesk: Employed to execute and oversee the ransomware operations throughout the network.

These tools expedite the ransomware deployment process, often completing their destructive tasks within a matter of days after gaining access.


Given the severity and sophistication of MorLock’s attacks, businesses are urged to bolster their cybersecurity measures. This entails regularly updating security systems, educating employees on cybersecurity best practices, and implementing multi-factor authentication to mitigate credential compromises.

Additionally, the attackers utilized the victim’s web browser to directly download a few tools from official websites onto hosts.

Here’s the complete list of MorLock tools, encompassing ransomware and beyond:

  • LockBit 3 (Black)
  • Babuk (ESXi, NAS)
  • Silver
  • Facefish
  • Godzilla web-shell
  • SoftPerfect Network Scanner
  • PingCastle
  • resocks
  • localtonet
  • pretender
  • AnyDesk
  • putty
  • XenAllPasswordPro
  • nssm
  • PsExec

The appearance of MorLock ransomware serves as a clear indication of the evolving cyber threat landscape.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!