ID: IRCNE2014012063
Date: 2013-01-11
According to "techworld", a team of malware developers is preparing to sell a new ransomware program that encrypts files on infected computers and demands money from victims to recover them, as reported by a volunteer group of security researchers who tracked the threat's development on underground forums in recent weeks.
The new malware is called PowerLocker, and its development was most likely inspired by the success of the CryptoLocker ransomware Trojan, which has infected more than 250,000 computers since September.
Like CryptoLocker, PowerLocker allegedly uses strong encryption, so the files cannot be recovered by cracking it rather than paying; it is also more sophisticated and potentially more dangerous because its developers reportedly intend to sell it to other cybercriminals rather than run it themselves.
Based on a progress report by the malware's main developer -- a user with the online identity "gyx" -- PowerLocker consists of a single file that's dropped in the Windows temporary folder. Once run on a computer for the first time, it begins encrypting all user files stored on local drives and network shares, except for executable and system files.
Each file is encrypted with the Blowfish algorithm under a unique per-file key. Those per-file keys are in turn encrypted with a 2048-bit RSA public key from a key pair generated for each infected computer. The public key is present on the victim's computer, but the corresponding private RSA key, which is needed to decrypt the Blowfish keys, is held only by the attackers.
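The key hierarchy described above, per-file symmetric key wrapped under a per-victim RSA public key, is what makes the data unrecoverable without the attacker's private key. The following is an added example written for this page, not PowerLocker code or anything from the researchers' report. It uses Go's standard library only; AES-256-GCM stands in for Blowfish (an assumption, since Blowfish is not in the standard library) and RSA-OAEP is the key-wrapping step. The function names (GenerateVictimKeyPair, EncryptFile, UnwrapFileKey, DecryptFile) and the sample document are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
	"log"
)

// EncryptedFile is what the ransomware would leave on disk in place of the
// original: the ciphertext plus the per-file key wrapped under the victim's
// RSA public key. Nothing in it is recoverable without the RSA private key.
type EncryptedFile struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey []byte
}

// GenerateVictimKeyPair stands in for the attacker's back end, which creates
// one 2048-bit RSA pair per infected computer. Only the public half would ever
// be shipped to the victim's machine.
func GenerateVictimKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptFile draws a fresh random 256-bit key for this one file, encrypts the
// contents with it, and wraps the key with RSA-OAEP under the victim's public
// key. AES-GCM is an assumed substitute for the Blowfish cipher named in the
// report; the point is the key hierarchy, not the block cipher.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// The victim-side copy of the file key is discarded after wrapping.
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &EncryptedFile{Nonce: nonce, Ciphertext: ct, WrappedKey: wrapped}, nil
}

// UnwrapFileKey recovers the per-file key; this is the step that needs the
// RSA private key the victim does not have.
func UnwrapFileKey(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ef.WrappedKey, nil)
}

// DecryptFile is the "decryptor" the victim is asked to pay for.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := UnwrapFileKey(priv, ef)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	priv, err := GenerateVictimKeyPair()
	if err != nil {
		log.Fatal(err)
	}
	doc := []byte("constructed sample: contents of quarterly-report.xlsx")
	a, _ := EncryptFile(&priv.PublicKey, doc)
	b, _ := EncryptFile(&priv.PublicKey, doc)
	ka, _ := UnwrapFileKey(priv, a)
	kb, _ := UnwrapFileKey(priv, b)
	fmt.Println("fresh key per file:", !bytes.Equal(ka, kb))
	back, err := DecryptFile(priv, a)
	fmt.Println("recovered with the right private key:", err == nil && bytes.Equal(back, doc))
	other, _ := GenerateVictimKeyPair()
	_, err = DecryptFile(other, a)
	fmt.Println("another computer's private key fails:", err != nil)
}
```

Two things the example makes concrete: a different victim's private key, or any brute-force attempt on the 2048-bit wrapping, gets you nothing, and because every file has its own key, recovering one key does not help with the next file. That is why the only practical defences are the ones in the remaining paragraphs, patching and offline backups, rather than anything done to the encrypted data after the fact.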
Most malware today is distributed through exploits for vulnerabilities in popular software such as Java and Flash Player, so keeping all applications up to date is essential to prevent infection by ransomware and other threats.
Backing up important data regularly is essential if users are to recover their files after an infection without paying the criminals. However, backups should not be stored on the same computer, or on network shares to which the computer has write access, because the malware encrypts whatever it can reach and would damage the backups as well.