Ransomware MongoLock Immediately Deletes Files, Formats Backup Drives


We have been following a new wave of MongoLock ransomware attacks that immediately deletes files upon infection instead of encrypting it, and further scans for other available folders and drives for file deletion. In the wild since December 2018, the ransomware demands a payment of 0.1 bitcoin from victims within 24 hours to retrieve the files allegedly saved in the cybercriminals’ servers.

Examining more than 200 samples, our telemetry showed the highest number of infections in South Korea, Great Britain, the United States, Argentina, Canada, Germany, Taiwan and Hong Kong. Trend Micro machine learning and behavioral detection technology proactively blocked this ransomware at the time of discovery.

Read more…
Source: Trend Micro