FBI warns of ProLock ransomware decryptor not working properly
The FBI has issued an alert warning the public that the ProLock ransomware decryptor does not work to secure data in the event of a ransomware attack. Earlier this month, the FBI released a flash alert informing organizations of the new threat actor, stating that it targets US healthcare, government, financial, and retail entities. With the ProLock ransomware, files larger than 64MB will likely be corrupted during the decryption process.
The FBI stated that the malware originated as PwndLocker in 2019, however, it typically targeted business and local governments at the time. The FBI adds that integrity loss of 1 byte is possible with files over 100MB and additional work is necessary to make the decryptor work properly, causing an increase in downtime of an organization even if they agree to ransom demands. Cybersecurity company Group-IB has stated that ProLock has joined forces with QakBot banking trojan, contributing to the ransomware’s ascension.