A Threat Response team managed by Sophos revealed a number of close ties between the Mount Locker team and the AstroLocker Team. The security experts suspect that this was an effort to increase the scale of payouts by rebranding themselves and striking fear among the targets.
How were these detected?
Recently, an attack occurred on a team in which the attack had all the TTPs of a Mount Locker operation, whereas the ransom note redirected to a support team who introduced themselves as the AstroLocker Team.
Further research revealed that five more attacks occurred where the victim organizations were listed on both Mount Locker and AstroLocker Team.
Some recent attacks-
Mount Locker has shown a high level of activity since the end of last year:
- They could be sharing some of the back-end information of the Ragnar Locker Group.
- They threatened to release the stolen data from ECU Worldwide, a shipping firm.
- They also targeted Amey PLC, and a ransom of $2 million was demanded.
Conclusion-
Mount Locker is evidently trying to rebrand itself as a professional criminal. Organizations are under constant threat of cyber attacks from various groups, so it is important for organizations to keep backups of all their data.