large-logo-mcafee-dark

Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Coldlock- Ransomware

Multiple entities in Taiwan were targeted with the ColdLock ransomware which focuses on encrypting databases and email servers. The malware stops a range of services before encryption including MariaDB, MSExchangeIS, MSSQL, MySQL, and Oracle. AES in CBC mode is used for encryption and the malware drops the ransom note in various locations including %Desktop%, %System Root%, and %User Startup%. ColdLock is file-less and uses a PowerShell script to load the malicious software into memory.
Name Modified Date Sources
Coldlock- Ransomware 2020-05-21