A newly discovered destructive ransomware, MongoLock, targets databases and deletes files in addition to encrypting them in order to demand a ransom.
Ransomware has become one of the most dangerous cyber-attack methods because of the many techniques it uses to encrypt files and evade detection by security software in order to make money. It is also no longer limited to encrypting the user's files: it also deletes files and formats local disk drives.
Unlike a traditional ransomware attack, MongoLock not only encrypts the compromised victim's files but also deletes the victim's data on local drives and copies the data in order to demand a ransom.
During the infection session, once the file is executed it checks the user's folders and specific locations such as Documents, Desktop, Recent, Favorites, Music and Video.
In this case, MongoLock uses format.com, a legitimate Windows command, to format the folders and drives in order to delete the compromised system's files.
MongoLock Ransomware Infection and Deletion Process
Once MongoLock has successfully launched, it executes a separate command for each folder in order to perform the delete or format operation:
"C:\Windows\system32\cmd.exe" /c del C:\Users\Public\Desktop\* /F /Q
"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Videos\* /F /Q
"C:\Windows\system32\cmd.exe" /c del D:\\* /F /Q
"C:\Windows\system32\cmd.exe" /c format D: /fs:ntfs /q /y
"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Desktop\* /F /Q
"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Music\* /F /Q
"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Favorites\* /F /Q
"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Documents\* /F /Q
Before performing the format, the ransomware collects and sends all of the victim's data to the attacker by establishing a connection to its Command & Control server.
Command to delete Desktop files
Command to format the local hard drive
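As an added defender-side example (not from the article or from Quick Heal's analysis), the following Python flags process-creation command lines shaped like the ones above: a force-and-quiet wildcard del aimed at a user data folder or a drive root, and an unattended format with /y. The event fields and the benign sample lines are constructed; the destructive ones mirror the commands quoted in the article.

```python
import re
from collections import Counter

# Constructed Sysmon-style process-creation events, not real telemetry.
EVENTS = [
    {"pid": 410, "ppid": 300, "cmd": r'"C:\Windows\system32\cmd.exe" /c del C:\Users\Public\Desktop\* /F /Q'},
    {"pid": 411, "ppid": 300, "cmd": r'"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Videos\* /F /Q'},
    {"pid": 412, "ppid": 300, "cmd": r'"C:\Windows\system32\cmd.exe" /c del D:\\* /F /Q'},
    {"pid": 413, "ppid": 300, "cmd": r'"C:\Windows\system32\cmd.exe" /c format D: /fs:ntfs /q /y'},
    {"pid": 414, "ppid": 300, "cmd": r'"C:\Windows\system32\cmd.exe" /c del C:\Users\User\Documents\* /F /Q'},
    {"pid": 520, "ppid": 301, "cmd": r'"C:\Windows\system32\cmd.exe" /c del C:\Temp\build.log /Q'},  # benign: single file
    {"pid": 521, "ppid": 302, "cmd": r'"C:\Windows\system32\cmd.exe" /c dir C:\Users\User\Desktop'},  # benign
]

# "del <dir>\* /F /Q": wildcard delete with force (/F) and quiet (/Q) switches
DEL_WILDCARD = re.compile(r"\bdel\s+(?P<path>\S+\\\*)(?P<flags>(?:\s+/\w)*)", re.I)
# "format <vol>: ... /y": volume format; /y suppresses the confirmation prompt
FORMAT_VOLUME = re.compile(r"\bformat\s+(?P<vol>[A-Za-z]:)(?P<flags>(?:\s+/\S+)*)", re.I)
USER_DATA_DIRS = ("desktop", "documents", "music", "videos", "favorites", "recent")


def classify(cmd):
    """Return a tag for a destructive cmd.exe command line, or None if it looks benign."""
    m = FORMAT_VOLUME.search(cmd)
    if m and "/y" in m.group("flags").lower().split():
        return "format-volume-unattended"
    m = DEL_WILDCARD.search(cmd)
    if m and {"/f", "/q"} <= set(m.group("flags").lower().split()):
        path = m.group("path").lower()
        if re.fullmatch(r"[a-z]:\\+\*", path):          # whole drive root, e.g. D:\* or D:\\*
            return "mass-delete-drive-root"
        if any("\\" + d + "\\" in path for d in USER_DATA_DIRS):
            return "mass-delete-user-data"
    return None


def scan(events, min_hits=3):
    """Tag destructive events and flag parents that spawn a wiper-like burst of them."""
    hits = [(e["pid"], e["ppid"], tag) for e in events if (tag := classify(e["cmd"]))]
    bursts = {ppid for ppid, n in Counter(h[1] for h in hits).items() if n >= min_hits}
    return hits, bursts


if __name__ == "__main__":
    found, parents = scan(EVENTS)
    for pid, ppid, tag in found:
        print(f"pid={pid} parent={ppid} {tag}")
    print("wiper-like parent processes:", sorted(parents))
```

A single hit is worth an alert on its own; the burst count is what separates an administrator running one cleanup command from a process walking every user folder in sequence.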
According to Quick Heal's analysis, although connectivity from the ransomware to the CnC server was observed, no data was seen being saved on the server; hence users are advised not to pay any ransom, because the malware authors will not be able to restore the data.
Once the ransomware completes its operation, it finally drops the ransom note, which contains detailed information claiming that the "victim's information and files are copied on their secured server."
The warning message says that the victim has to pay 0.1 bitcoin to the wallet mentioned in the ransom note, and that the saved data will be returned to the victim within 24 hours after the payment has been made from the victim's end.
How to stay safe from ransomware attacks
Always take a backup of your important data on external drives such as HDDs and pen drives. Consider using a reliable cloud service to store the data.
Don't install pirated software or cracked versions of any software.
Don't open any advertisements shown on websites without knowing that they are genuine.
Disable macros while using MS Office.
Update your antivirus to safeguard your system from unknown threats.
Don't click on links or download attachments in emails from unexpected, unknown or unwanted sources.