mountlocker

Inactive

MountLocker operated as a ransomware-as-a-service from July 2020, using a standard developer/affiliate revenue split and leveraging compromised RDP credentials for initial access, propagating laterally via Windows Active Directory APIs and targeting over 2,600 file extensions.