Seeing successful attacks as frequently as one per day, the creators of ProLock seek out larger organizations using the QBot trojan to infiltrate, spread throughout, and infect a network.

What starts as yet another phishing attack that uses a weaponized VBScript via Office documents turns out to be a far more invasive attack that brings operations to its’ knees and organizations considering reaching for their wallets.

According to security researchers at Group-IB, ProLock’s evolution from a failed prior iteration under the name PwndLocker has yielded a bit of malware so effective in its ability to perform network reconnaissance and lateral movement, its creators are big game hunting for organizations across both North America and Europe, looking to take down the largest of ransoms.

Now some good news.

Group-IB’s researchers have indicated that the phishing attacks used are “simple and straightforward” as seen in the email example below:

14d6458c0d68b72229f80114f7240046

There’s a really simple way to stop this ransomware from ever gaining control over your network: teach your users to not click on suspicious email links or attachments. This is easily done by enrolling them in new school Security Awareness Training that shows them what to look for, how to remain vigilant while doing their job, and how to keep from becoming the entry point for this and any other phishing-based attack.