Beware PowerLocker Ransomware

  /     /     /  
Publicated : 22/11/2024   Category : security


Beware PowerLocker Ransomware


Chatter on underground forums traces development of Blowfish-based shakedown malware that encrypts infected PCs.



A new generation of ransomware known as PowerLocker -- aka Prison Locker -- is designed to lock PCs using uncrackable crypto.
That warning was sounded Friday by Malware Must Die, a group of self-styled anti-malware crusaders. Malware bad actors just keep on coding and developing new threats with the stupid dream to get rich soon in their stupid heads, the group said in a
blog post
that detailed what theyd learned about PowerLockers creator and about the malwares purported features and functionality.
In a Dec. 19
post to Pastebin
, PowerLockers developer said that his malware -- which was then due for imminent release -- used the
Blowfish
symmetric-key block cipher to encrypt all personal data stored on a PC, and then encrypted those ciphers using 2048-bit RSA encryption.
A unique BlowFish key is generated for each file. That BlowFish key is then encrypted with an RSA key specific to the PC, then the RSA block is stored with the file to be decrypted later, said PowerLockers developer, who uses the handle gyx.
[What security trends do you expect to see this year? Read
7 InfoSec Predictions For 2014: Good, Bad & Ugly
.]
Advertised PowerLocker features also include a customizable length of time before the bot uninstalls itself, the ability to customize the name and location of the malware file dropped during the infection, and the amount of money demanded by the ransomware before the data will be decrypted. Users -- meaning attackers -- can receive related payments via Bitcoin e-voucher codes as well as Ukash and Paysafe. The bot has an HTTP panel which will be used to control slaves and receive payment codes entered by slaves, said the developer. You can either approve or deny -- resetting the removal clock duration, specified by you during purchase -- a payment code, and then unlock/decrypt files on the PC -- identified by its IP.
PowerLocker costs $100, payable in bitcoins, while future upgrades -- or rebuilds -- will cost $25. Finally, a ghost panel -- referring to an innocuous-looking access panel that can be used to disguise the underlying malicious infrastructure on a server -- will cost $20.
Malware Must Die said that by publicizing the intelligence its gathered on PowerLocker and its developer, its not trying to stoke ransomware fear, uncertainty, and doubt. Rather, the group hopes that multiple law enforcement agencies and national computer emergency response teams will launch related investigations and nip PowerLocker sales in the bud. If released... this will be more [of a] headache for researchers, industry and LEA -- law enforcement agencies, the group warned, so after [an] internal meeting we decided to disclose it.
Indeed, PowerLockers play is to offer low-cost ransomware attacks for the cybercrime masses. For comparison purposes -- as
noted by Ars Technica
-- previous types of ransomware largely appear to have been developed by a particular gang and used only by that gang.
Many previous types of ransomware have also been heavy on scare and social engineering -- aka trickery -- tactics, but they have not necessarily been difficult to defeat using anti-malware software. The
Reveton malware
, for example, may flash a Threat of Prosecution Reminder on the screen of an infected PC saying that their system has been locked after attempts to access child pornography or other illegal content were detected. But if the user agrees to pay a fine, typically in bitcoins or another virtual currency, the malware promises that the whole matter will be dropped. The malware may also be localized so that the warning is labeled as being from a relevant law enforcement agency -- for example, from the FBI for US-based targets.
Who would fall for such a scam? According to
warnings
issued by government agencies in the United States and abroad, law enforcement agencies have been besieged by complaints about the malware as well as confessions from consumers who have paid up. Last year, even one
Massachusetts police department
reportedly paid a related ransom to get its encrypted data back.
The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the
Stop Data Leaks
issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Beware PowerLocker Ransomware