VERY IMPORTANT

A recent incident with a new Sophos Managed Threat Response (MTR) customer has raised questions about the Mount Locker ransomware group and the relationship it has with Astro Locker Team. From the tactics, techniques, and procedures (TTPs) used, to the files involved, and even the ransom note left behind – pointed to this being the work of the Mount Locker group; however, something odd happened when the investigators followed the link included in the ransom note. Upon following the TOR link, MTR investigators were presented with a chat directly with the “support” team for the ransomware who introduced themselves as the “AstroLocker Team” and also the “Astro Locker Team.”