Mountlocker
| RaaS
MountLocker operated as a ransomware-as-a-service from July 2020, using a standard developer/affiliate revenue split and leveraging compromised RDP credentials for initial access, propagating laterally via Windows Active Directory APIs and targeting over 2,600 file extensions.
Victims
18
First Discovered
2021-02-07
victim
Last Discovered
2022-02-08
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
0
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
No | 2026-04-28T07:25:03 |
mountnewsokhwilx.onion
|
Target
Top 5 Activity Sectors
- Manufacturing 9
- Construction 3
- Transportation/Logistics 2
- Consumer Services 1
- Healthcare 1
Top 5 Countries
Heatmap
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
|
|
|
|
|
|
|
MEGA
PrivatLab
|
YARA Rules (1)
Victims (18)
