ProLock - Ransomware
The ProLock ransomware family appeared on the threat landscape in early 2020 and continues to evolve. The malware gains access to networks through weak or unprotected RDP servers, or through the QakBot trojan, which is distributed through phishing campaigns with malicious attachments or links. PowerShell is used to load the payload, which is extracted from a BMP, CSV or JPG file, into memory. The ransom note states that if the funds are not paid, the stolen files will be published to social networks and public media.