VERY IMPORTANT

As organizations were scrambling to deal with the lockdowns associated with the global COVID-19 pandemic, a new wave of ransomware attacks began. The ransomware, called ProLock, is a successor to PwndLocker, a ransomware strain that emerged late in 2019. Sophos initially encountered ProLock when it was caught by Intercept X’s CryptoGuard component on a customer network in mid-March. The malware uses a Powershell-based dropper that extracts Windows executable code from an accompanying graphics file—or at least, a file with a graphics format extension. And all of its malicious activities are concealed within legitimate Windows processes.