Mount Locker and AstroLocker Team Ransomware Groups had a Close Ties Surface

A Threat Response team managed by Sophos revealed a number of close ties between the Mount Locker team and the AstroLocker Team. The security expert teams suspects that these were an effort towards increasing the scale of payouts by rebranding themselves and striking fear among the targets.

How these were detected?

Recently, an attack occurred on a team where the attack had all the TTPs of Mount Locker operation whereas the ransom note redirected to support team who were introducing themselves as AstroLocker Team.

Further research revealed that five more attacks occurred where the victim’s organization were listed both on Mount Locker as well as AstroLocker Team.

Some recent attacks-

Mount Locker has shown high number of activities since the end of the last year

  1. They could be sharing some of the back-end information of Ragnar Locker Group.
  2. They threated to release the stolen data from ECU Worldwide, a shipping firm.
  3. They also targeted Amey PLC and a ransom of $2 million ransom was demanded.


The Mount Locker is evidently trying to rebrand itself as a professional criminal. Organizations are at constant threats of cyber attacks from various groups. So it is important for organizations to keep backups of all their data

By Hrithik Lall

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.

Leave a comment

Your email address will not be published.

This site is under maintenance,
some features might not work!!!