ProLock

Malware updated 6 months ago (2024-05-04T19:35:22.586Z)

Download STIX

Preview STIX

ProLock is a type of malware, specifically ransomware, that is designed to infiltrate computer systems, often unbeknownst to the user. It typically enters systems through suspicious downloads, emails, or websites. Once inside, ProLock can steal personal information, disrupt operations, and hold data hostage for ransom. This malware has been affiliated with leading ransomware syndicates such as REvil and Lockbit, and was notably observed in early 2020 alongside Qbot, another malicious software. ProLock's presence was followed by a more prolific outbreak of Egregor ransomware later in the year. The Qbot malware operation has had numerous collaborations with other ransomware gangs, including ProLock. Qbot, also known as Qakbot, acts as a delivery agent for different types of ransomware, most notably ProLock and Egregor. The role of Qbot in these collaborations is to distribute the ransomware to the infected machine, effectively pushing additional threats such as ProLock ransomware onto the system. This collaboration between Qbot and ProLock has resulted in significant losses for businesses. Prominent ransomware groups, including Conti and ProLock, have utilized Qbot's botnet for their operations. As a loader, Qbot distributed ransomware like ProLock to extort victims. This strategy of using a botnet to spread ransomware has made these cyber-attacks more effective and damaging. In summary, ProLock represents a significant threat due to its affiliation with major ransomware syndicates, its ability to be distributed by other malware like Qbot, and its use by prominent ransomware groups to cause extensive damage.

Description last updated: 2023-09-07T20:43:06.135Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Egregor Malware is associated with ProLock. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also pu	Unspecified	2
The Qbot Malware is associated with ProLock. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi	Unspecified	2

Source Document References

Information about the ProLock Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	How was Qakbot cybersecurity ransomware network dismantled?
CERT-EU	a year ago	Dismantling Qakbot Botnet - FBI's Largest Cyber Operation Ever
Flashpoint	a year ago	Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware
MITRE	2 years ago	Technical analysis of the QakBot banking Trojan
MITRE	2 years ago	Qbot - 2021 Threat Detection Report - Red Canary
Securityaffairs	2 years ago	New QBot campaign delivered hijacking business correspondence