The MorLock ransomware group has escalated its assaults on Russian businesses, resulting in disruptions and financial setbacks. Identified at the start of 2024, this group has already infiltrated nine medium to large Russian companies.
MorLock Ransomware
MorLock has rapidly emerged as one of the most prolific cyber gangs focusing on Russian entities.
MorLock deploys ransomware strains such as LockBit 3 (Black) and Babuk. Its operations are marked by stealth and financial motivation, and the group makes efforts to distance itself from political motives.
FACCT has identified the emergence of a new criminal outfit named MorLock ransomware.
MorLock’s strategy entails exploiting vulnerabilities in public applications and obtaining compromised credentials, often sourced from dark web marketplaces like the Russian Market.
Their meticulous planning involves disabling Russian corporate antivirus systems through administrative access, facilitating the unhindered propagation of their ransomware throughout the victim’s network.
MorLock utilizes an extensive arsenal of tools, comprising:
- LockBit 3 (Black) and Babuk: Core ransomware tools employed for data encryption.
- Sliver and Godzilla web-shells: For ensuring persistence and control over compromised systems.
- SoftPerfect Network Scanner and PingCastle: Utilized for network reconnaissance purposes.
- PsExec and AnyDesk: Employed to execute and oversee the ransomware operations throughout the network.
These tools expedite the ransomware deployment process, often completing their destructive tasks within a matter of days after gaining access.
Recommendation
Given the severity and sophistication of MorLock’s attacks, businesses are urged to bolster their cybersecurity measures. This entails regularly updating security systems, educating employees on cybersecurity best practices, and implementing multi-factor authentication to mitigate credential compromises.
Additionally, the attackers utilized the victim’s web browser to directly download a few tools from official websites onto hosts.
Here’s the complete list of MorLock tools, encompassing ransomware and beyond:
- LockBit 3 (Black)
- Babuk (ESXi, NAS)
- Sliver
- Facefish
- Godzilla web-shell
- SoftPerfect Network Scanner
- PingCastle
- resocks
- localtonet
- pretender
- AnyDesk
- putty
- XenAllPasswordPro
- nssm
- PsExec
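Most of the utilities in this list are legitimate administration tools, so a single sighting means little. The added example below (not from the original report) flags hosts where several distinct tool roles appear within a short window, in line with the days-long deployment described above. The executable names, role labels, log format and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed default executable names and role labels (not from the report);
# renamed binaries will not match, so treat this as one signal among several.
TOOL_ROLES = {
    "netscan.exe": "recon",            # SoftPerfect Network Scanner
    "pingcastle.exe": "recon",
    "psexec.exe": "remote-exec",
    "anydesk.exe": "remote-access",
    "putty.exe": "remote-access",
    "nssm.exe": "service-install",
    "resocks.exe": "tunnel",
    "localtonet.exe": "tunnel",
    "pretender.exe": "spoofing",
    "xenallpasswordpro.exe": "credential-recovery",
}

# Constructed process-creation events: timestamp|host|user|image path
SAMPLE = [
    r"2024-05-02T09:14:00|SRV-APP01|svc_web|C:\Users\Public\netscan.exe",
    r"2024-05-02T11:40:00|SRV-APP01|svc_web|C:\Users\Public\PsExec.exe",
    r"2024-05-03T08:05:00|SRV-APP01|admin1|C:\ProgramData\nssm.exe",
    r"2024-05-03T08:20:00|SRV-APP01|admin1|C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
    r"2024-05-02T10:00:00|WS-HELPDESK|helpdesk|C:\Tools\putty.exe",
    r"2024-05-20T10:00:00|WS-HELPDESK|helpdesk|C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
    r"2024-05-02T10:00:00|WS-IT02|it_admin|C:\Tools\PsExec.exe",
    r"2024-06-15T10:00:00|WS-IT02|it_admin|C:\Tools\netscan.exe",
    r"2024-07-30T10:00:00|WS-IT02|it_admin|C:\Tools\nssm.exe",
]

def flag_hosts(lines, window=timedelta(hours=72), min_roles=3):
    """Return {host: sorted roles} where >= min_roles distinct roles occur within window."""
    per_host = defaultdict(list)
    for line in lines:
        ts, host, _user, image = line.split("|")
        role = TOOL_ROLES.get(image.rsplit("\\", 1)[-1].lower())
        if role:
            per_host[host].append((datetime.fromisoformat(ts), role))
    flagged = {}
    for host, events in per_host.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct roles seen in the window that opens at this event
            roles = {r for t, r in events[i:] if t - start <= window}
            if len(roles) >= min_roles:
                flagged[host] = sorted(roles)
                break
    return flagged

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

In the sample, only SRV-APP01 is flagged: the helpdesk workstation shows a single role, and the IT workstation's three roles are spread over months rather than days.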
The appearance of MorLock ransomware serves as a clear indication of the evolving cyber threat landscape.