ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e)

ProLock is a ransomware strain that has been used in Big Game Hunting (BGH) operations since at least 2020, often obtaining initial access with QakBot. ProLock is the successor to PwndLocker ransomware, which was found to contain a bug allowing decryption without ransom payment in 2019. (Citation: Group IB Ransomware September 2020)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
| BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 1 |
| ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |
| ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) | Attack Pattern | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
| Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |