Mount Locker Ransomware Affiliate Program

MountLocker ransomware has been growing steadily since its discovery at the end of July 2020, and it has now become trendy and globally diverse. A theoretical review of a new MountLocker variant was released recently by BlackBerry researchers.

List of ransomware that leaks victims' stolen files if not paid

Key Discovery 

The new edition of MountLocker first appeared in the wild in late-November, with an early-November compilation timestamp.

  • Thanks to excluding the extensive list of file extensions, the latest MountLocker ransomware variant is significantly smaller in scale than the previous models. It shares a resemblance of around 70 percent to the original release of MountLocker, with no noticeable modifications.
  • For an initial intrusion into corporate networks, the MountLocker operators depend upon affiliates. The Ransomware-as-a-Service and partner scheme broadly deploy the ransomware, targeting multimillion-dollar decryption services fees.
  • In these attacks for surveillance and lateral movement on the network, MountLocker affiliates were detected using public instruments such as CobaltStrike Beacon and AdFind. In contrast, FTP was used before encryption to exfiltrate sensitive client data.

Recent Attacks

Dozens Of Ransomware Gangs Partner With Hackers To Extort Victims - Privacy Ninja

  • The same version introduced file extensions in the second half of November, such as .tax, .tax2009, .tax2013, .tax2014, affiliated with the TurboTax program for processing tax return records.
  • The ransomware group had attacked Sonoma Valley Hospital in the same month and stole and leaked its details online.
  • In October, MountLocker attacked Sweden’s security company, Gunnebo AB.


In a brief period, the MountLocker community has been seen expanding its reach and enhancing its capability. The ransomware has threatened victims worldwide, and it is now expected to become a significant challenge for multinational organizations with increased capabilities and association.

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. Amazon and the Amazon logo are trademarks of, Inc. or its affiliates Read More


This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More