LokiLocker, a relatively new form of ransomware, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality.

LokiLocker, a relatively new form of ransomware, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality.

Double extortion became a hit last year, when ransomware gangs started stealing files before encrypting them to threaten victims with a sensitive data leak if they didn’t pay up.

BlackBerry Threat Intelligence is now warning that LokiLock, first seen in August 2021, now features an “optional wiper functionality” to put pressure on victims in a slightly different way.

Instead of attackers using the threat of leaking a victim’s files to pressure them into paying, LokiLock’s customers threaten to overwrite a victim’s Windows Master Boot Record (MBR), which wipes all files and renders the machine unusable. But that tactic effectively ends all negotiations about payment, of course.

Disk-wiper functionality has come into focus recently because of destructive malware attacks on Ukrainian organizations. The US government fears destructive malware could target organizations in the West in retribution for sanctions against Russia.

Historically, disk-wiper malware has often been favoured by state-sponsored hackers, as was the case in NotPetya, WhisperGate and HermeticWiper – all directly or loosely connected to Russian state-sponsored actors – where ransomware is a decoy for the true destructive intent.

March 17, 2022

By Liam Tung

Click to read the entire article on ZDNet

More Posts

November 18 through 21, 2024

I will be away from my desk in the late morning every day this week due to appointments. Otherwise I will be continuing to work