ProLock

Malware Profile Updated 3 months ago
ProLock is ransomware: malware designed to infiltrate computer systems, often without the user's knowledge, typically via malicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, and hold data hostage for ransom.

ProLock has been affiliated with leading ransomware syndicates such as REvil and LockBit, and was notably observed in early 2020 alongside Qbot, another malicious software. Its activity was followed later that year by a more prolific outbreak of Egregor ransomware.

The Qbot (also known as Qakbot) malware operation has collaborated with numerous ransomware gangs, ProLock among them. Qbot acts as a delivery agent: its role in these collaborations is to push additional payloads, most notably ProLock and Egregor, onto machines it has already infected. This pairing of Qbot and ProLock has caused significant losses for businesses. Prominent ransomware groups, including Conti and ProLock, have used Qbot's botnet as a loader to distribute ransomware and extort victims; spreading ransomware through an established botnet has made these attacks more effective and more damaging.

In summary, ProLock represents a significant threat because of its affiliation with major ransomware syndicates, its distribution by loader malware such as Qbot, and its use by prominent ransomware groups to cause extensive damage.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Botnet
Loader
Malware
Associated Malware
ID | Type | Votes | Profile Description
Egregor | Unspecified | 2 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab
Qbot | Unspecified | 2 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs
Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
QakBot | Unspecified | 1 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e
REvil | Unspecified | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot
Doppelpaymer | Unspecified | 1 | DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE.
MegaCortex | Unspecified | 1 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the ProLock Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | How was Qakbot cybersecurity ransomware network dismantled?
CERT-EU | a year ago | Dismantling Qakbot Botnet - FBI's Largest Cyber Operation Ever
Flashpoint | a year ago | Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware
MITRE | a year ago | Technical analysis of the QakBot banking Trojan
MITRE | a year ago | Qbot - 2021 Threat Detection Report - Red Canary
Securityaffairs | a year ago | New QBot campaign delivered hijacking business correspondence