MongoLock

What is MongoLock?

MongoLock is a recent strain of ransomware that attempts to remove files and format drives by executing special demands through cmd. Mongolock is designed to take advanced of databases with weak security settings. MongoLock leaves a tell-tale sign of its presence with a ransom note in the form of a “warning.txt” file on a system’s notepad. This warning may also be dropped as an entry inside whatever database is successfully breaches. MongoLock has a global reach and can be found commonly across the modern threat landscape.

In most cases, a MongoLock ransom note asks for .1 BTC, to be paid out to a specified Bitcoin wallet of the attacker’s choosing.

How to Recognize This Threat: When locking up files, MongoLock always adds the extension .mongo to the end of your file names. For example, “Image.PNG” will become “Image.PNG.mongo.” Furthermore, attempting to open any files encrypted by MongoLock will open the “warning.txt” with instructions to pay off the baddies.

How to Prevent This Threat: Since MongoLock usually infects systems through malicious email, training employees in basic email security can help eliminate the most common point of entry for this file-encrypting malware. However, the best solution to ward off MongoLock is a current generation firewall operating with up-to-date firmware and a strong Anti-Virus service. Pick from the top brands to get one shipped to you today.