Lock like a Pro: How Qakbot fuels enterprise ransomware campaigns

Group-IB alerted the world to ProLock.
Now, it’s exposing the threat actor further.

View whitepaper

The ProLock ransomware chain emerged in March 2020 as the successor of PwndLocker and has already made its mark, targeting enterprise networks with ransom demands of up to $1 million. Their main tool for initial access is Qakbot, a banking Trojan that has been linked to a recent spike in Big Game Hunting operations.

In this white paper, you’ll learn:

  • The complete tactics, techniques, and procedures (TTPs) of ProLock based on the updated MITRE ATT&CK® matrix
  • How Qakbot evades detection and achieves persistence in a network
  • Previously unknown details on post-exploitation tools used in the threat actor’s recent campaigns

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.