ProLock

Malware updated 7 months ago (2024-05-04T19:35:22.586Z)
ProLock is a type of malware, specifically ransomware, that is designed to infiltrate computer systems, often unbeknownst to the user. It typically enters systems through suspicious downloads, emails, or websites. Once inside, ProLock can steal personal information, disrupt operations, and hold data hostage for ransom. This malware has been affiliated with leading ransomware syndicates such as REvil and Lockbit, and was notably observed in early 2020 alongside Qbot, another malicious software. ProLock's presence was followed by a more prolific outbreak of Egregor ransomware later in the year.

The Qbot malware operation has had numerous collaborations with other ransomware gangs, including ProLock. Qbot, also known as Qakbot, acts as a delivery agent for different types of ransomware, most notably ProLock and Egregor. The role of Qbot in these collaborations is to distribute the ransomware to the infected machine, effectively pushing additional threats such as ProLock ransomware onto the system. This collaboration between Qbot and ProLock has resulted in significant losses for businesses.

Prominent ransomware groups, including Conti and ProLock, have utilized Qbot's botnet for their operations. As a loader, Qbot distributed ransomware like ProLock to extort victims. This strategy of using a botnet to spread ransomware has made these cyber-attacks more effective and damaging. In summary, ProLock represents a significant threat due to its affiliation with major ransomware syndicates, its ability to be distributed by other malware like Qbot, and its use by prominent ransomware groups to cause extensive damage.
Description last updated: 2023-09-07T20:43:06.135Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
Egregor
Description: The Egregor Malware is associated with ProLock. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also pu...
Association Type: Unspecified
Votes: 2

Qbot
Description: The Qbot Malware is associated with ProLock. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi...
Association Type: Unspecified
Votes: 2