Security researchers have identified a new Ransomware-as-a-Service (Raas) family dubbed LokiLocker that has been active in the wild since August 2021. The ransomware employs file encryption to extort its victims and data wiping capabilities that can make an infected device unusable if a victim fails to pay the ransom. To obfuscate its activities, LokiLocker displays a fake Windows Update screen and disables multiple Windows security applications. It also deletes backup files and shadow copies to prevent data recovery. Security researchers at Blackberry believe the threat actors behind this ransomware family may be of Iranian origin. For more information on how to defend against this threat visit CISA’s Stopransomware.gov. Read more at SecurityWeek or read the full report at BlackBerry.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!