LTS Secure Warning: Enterprise Networks Being Targeted By New PwndLocker Ransomware

Security researchers have discovered a new strain of ransomware called “PwndLocker” targeting enterprise networks. The ransomware has been active since late 2019 and has so far infected a variety of US cities & organizations.


Technical Details

The ransomware targets devices running the Windows operating system and does the following:-

  • Stops the following services in order to encrypt the victim's data (files held open by these services would otherwise be locked):-
    • Microsoft SQL Server
    • IIS
    • MySQL
    • Exchange
    • Oracle
    • Veeam
    • Zooly
    • Acronis
    • Backup Exec
  • Further, it strikes security programs such as:-
    • Kaspersky
    • Malwarebytes
    • McAfee
    • Sophos
  • Once the above is done, it starts its encryption process and adds the .pwnd & .key extensions to the files.
  • During the encryption phase, the ransomware skips specific system & executable files.
  • Next, the shadow volume copies are deleted to prevent any potential recovery of data.
  • Finally, the ransom note is dropped on the desktop, which contains the instructions the victim must follow to obtain the decryption key.
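The behaviour chain listed above (backup/database services stopped in a burst, security products stopped, shadow copies deleted, files renamed with the ransomware's extension) is exactly the kind of sequence a SOC can alert on from host logs. The following is an added example written for this page, not code from LTS Secure or from any vendor tool. It assumes a JSON Lines export of Windows System log event 7036 ("service entered the stopped state") and Sysmon events 1 (ProcessCreate) and 11 (FileCreate); the field names and the sample events are constructed for the example.

```python
import json
from datetime import datetime, timedelta

# Product names taken from the advisory's lists; matched case-insensitively
# against the service display name recorded in the log.
TARGETED_SERVICE_KEYWORDS = (
    "sql server", "iis", "mysql", "exchange", "oracle",
    "veeam", "zooly", "acronis", "backup exec",
)
SECURITY_PRODUCT_KEYWORDS = ("kaspersky", "malwarebytes", "mcafee", "sophos")
RANSOM_EXTENSIONS = (".pwnd", ".key")

# Constructed sample log (JSON Lines). Field names are an assumed export
# format: event_id 7036 = System log "service entered the stopped state",
# 1 = Sysmon ProcessCreate, 11 = Sysmon FileCreate.
SAMPLE_LOG = r"""
{"ts": "2020-03-02T09:00:01", "event_id": 7036, "service": "Microsoft SQL Server (MSSQLSERVER)", "state": "stopped"}
{"ts": "2020-03-02T09:00:03", "event_id": 7036, "service": "World Wide Web Publishing Service (IIS)", "state": "stopped"}
{"ts": "2020-03-02T09:00:04", "event_id": 7036, "service": "Veeam Backup Service", "state": "stopped"}
{"ts": "2020-03-02T09:00:05", "event_id": 7036, "service": "Sophos Anti-Virus", "state": "stopped"}
{"ts": "2020-03-02T09:00:09", "event_id": 1, "image": "C:\\Windows\\System32\\vssadmin.exe", "command_line": "vssadmin.exe delete shadows /all /quiet"}
{"ts": "2020-03-02T09:00:20", "event_id": 11, "target_file": "C:\\Shares\\Finance\\q4.xlsx.pwnd"}
{"ts": "2020-03-02T09:00:21", "event_id": 11, "target_file": "C:\\Users\\bob\\Documents\\report.docx"}
{"ts": "2020-03-02T12:30:00", "event_id": 7036, "service": "Print Spooler", "state": "stopped"}
"""


def parse_events(text):
    """Parse JSON Lines into event dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def _matches(name, keywords):
    name = name.lower()
    return any(k in name for k in keywords)


def analyse(events, window=timedelta(minutes=5), min_services=3):
    """Score a host's events against the advisory's behaviour chain."""
    findings = {
        "services_stopped": [],
        "security_products_stopped": [],
        "shadow_copy_deletion": [],
        "ransom_extension_files": [],
    }
    for ev in events:
        eid = ev.get("event_id")
        if eid == 7036 and ev.get("state") == "stopped":
            svc = ev.get("service", "")
            if _matches(svc, TARGETED_SERVICE_KEYWORDS):
                findings["services_stopped"].append((ev["ts"], svc))
            elif _matches(svc, SECURITY_PRODUCT_KEYWORDS):
                findings["security_products_stopped"].append((ev["ts"], svc))
        elif eid == 1:
            cmd = ev.get("command_line", "").lower()
            # Shadow-copy deletion via vssadmin is the classic pre-encryption step.
            if "vssadmin" in cmd and "delete" in cmd and "shadows" in cmd:
                findings["shadow_copy_deletion"].append((ev["ts"], cmd))
        elif eid == 11:
            path = ev.get("target_file", "")
            if path.lower().endswith(RANSOM_EXTENSIONS):
                findings["ransom_extension_files"].append((ev["ts"], path))

    # Burst check: at least min_services targeted services stopped inside one window.
    stops = sorted(t for t, _ in findings["services_stopped"])
    burst = any(
        sum(1 for t in stops[i:] if t - t0 <= window) >= min_services
        for i, t0 in enumerate(stops)
    )

    score = 0
    if burst:
        score += 2
    if findings["security_products_stopped"]:
        score += 1
    if findings["shadow_copy_deletion"]:
        score += 2
    if findings["ransom_extension_files"]:
        score += 3
    findings["service_stop_burst"] = burst
    findings["score"] = score
    findings["verdict"] = ("likely ransomware" if score >= 4
                           else "suspicious" if score >= 2 else "benign")
    return findings


if __name__ == "__main__":
    result = analyse(parse_events(SAMPLE_LOG))
    summary = {k: (len(v) if isinstance(v, list) else v) for k, v in result.items()}
    print(json.dumps(summary, indent=2))
```

The burst rule matters more than any single service stop: an administrator stopping SQL Server for maintenance is routine, but SQL Server, IIS and a backup agent all stopping within seconds, followed by a shadow-copy deletion, is not. Note that the `.key` extension is legitimately common (certificate private keys, licence files), so in production it should only raise the score alongside the other indicators rather than on its own.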


Impact

  • Loss of Productivity.
  • Downtime in Business Critical operations.
  • Temporary or Permanent loss of Sensitive/Confidential data.


Recommended Actions

  • Create a solid backup strategy, with offline or otherwise isolated copies that a compromised host cannot reach.
  • Avoid opening emails & attachments from unknown senders.
  • Ensure that your devices are always up-to-date with the latest patches released.
  • Regularly update your antivirus software & perform malware scans to protect against unknown threats.
  • Properly configure Firewall/IDS/IPS/Endpoint Protection systems so that no gaps are left open.