The success of enterprise ransomware attacks has motivated more and more threat actors to join the game.
One of these new players is ProLock ransomware
The locker emerged in March 2020 as the successor of PwndLocker, which began operating in late 2019 and was responsible for the attack on Illinois' Lasalle County earlier this year. Their ransoms were always in the six-figure range, and it seems that ProLock operators are continuing that trend.
Despite not being around long, ProLock has already made its mark, targeting financial, healthcare, government, and retail organizations. The group's first big attack
– that we know of, at least – happened at the end of April, when they successfully attacked Diebold Nixdorf - one of the major ATM providers.
In this post I'll tell you all you need to know about the new player's main tactics, techniques and procedures (TTPs). After, I give a complete outline of the MITRE ATT&CK mapping as it pertains to ProLock.