|ProLock actors encrypt the files on the victim’s network using RSA-2048 algorithm. After encrypting a victim’s files, ProLock actors leave a .txt extension file as a ransom note on the victim computer. The ransom note instructs the victims to visit a TOR page and log in using a unique ID included in the ransom note. The TOR page then displays the ransom price and wallet address for the ransom payment. The ransom note indicates the decryption keys will be stored for one month. The ProLock actors provide an email address victims can use to contact the ProLock actors if the victim cannot connect to the TOR page.|
|Block all threat indicators at your respective controls. |
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders