
PureLocker Ransomware

One of the latest ransomware threats to be detected by cybersecurity researchers is the PureLocker Ransomware. It is likely that the PureLocker Ransomware is available to rent as a ransomware-as-a-service tool. This makes it far more threatening, as there is no way to know how many shady individuals have gotten their hands on the PureLocker Ransomware and are propagating it. Thankfully, the authors of the PureLocker Ransomware have set the price rather high, so not many criminals will be able to afford the substantial sum.

Impressive Self-Preservation Techniques

The PureLocker Ransomware is written in a programming language called PureBasic. PureBasic makes a threat very flexible, since malware written in this language can be reworked to run on systems running Windows, OSX and Linux, which vastly increases the reach of the PureLocker Ransomware. The PureLocker Ransomware does not begin the attack unless certain criteria have been met. This file-locking Trojan uses advanced methods of detecting sandbox environments, which helps it to avoid them successfully. Malware experts state that the PureLocker Ransomware had likely been active for several months before it was spotted, and these advanced anti-analysis techniques seem to be the reason for this.

There is a threat that appears to share some of its code with the PureLocker Ransomware. Its name is more_eggs (also called SpicyOmelette), and it is also a malware-as-a-service threat. It is known that top-tier hacking groups such as FIN6 and the Cobalt Group have used the more_eggs malware in some of their campaigns.

Targets Picked Carefully

Unlike most ransomware threats, whose goal is to infect as many computers as possible, the PureLocker Ransomware appears to target only servers. The operators of the PureLocker Ransomware are targeting specific servers that belong to users who are clearly more likely to pay the ransom fee. The low infection rate shows that the operators of the PureLocker Ransomware are rather picky, and instead of infecting a large number of servers, they prefer to keep a low profile.

Since the PureLocker Ransomware is a very high-end data-encrypting Trojan, it is logical that there will not be any free decryption tools available. Since the PureLocker Ransomware is offered as a ransomware-as-a-service tool, it is likely that this file-locking Trojan may append different extensions and drop different ransom notes depending on who is propagating it. A victim who reported the PureLocker Ransomware stated that this ransomware threat had used a '.CR1' extension and had dropped a note named 'YOUR_FILES.txt'. In this specific case, the attackers had provided an email address for contact. The affected user reported that in the ransom note, the attackers claim that the ransom fee can be negotiated. However, we would recommend that you install a reputable anti-malware tool and use it to remove the PureLocker Ransomware from your system quickly and safely.
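A triage sweep for the two indicators in the victim report above, added here as an example and not taken from the original article or from any vendor tool. The function names are hypothetical, and because the extension and note name may differ between operators, both are parameters rather than fixed values.

```python
import os
import sys
from collections import defaultdict

# Indicators from the single victim report quoted above. Other operators of the
# same service may use different values, so both sets are parameters.
REPORTED_EXTENSIONS = (".cr1",)
REPORTED_NOTE_NAMES = ("your_files.txt",)


def sweep(root, extensions=REPORTED_EXTENSIONS, note_names=REPORTED_NOTE_NAMES):
    """Walk `root` and return {directory: {"notes": [...], "locked": [...]}}
    for every directory holding a ransom note or a file with a listed extension.
    Matching is case-insensitive; unreadable directories are skipped."""
    exts = tuple(e.lower() for e in extensions)
    notes = {n.lower() for n in note_names}
    hits = defaultdict(lambda: {"notes": [], "locked": []})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in sorted(files):
            lowered = name.lower()
            if lowered in notes:
                hits[dirpath]["notes"].append(name)
            elif lowered.endswith(exts):
                hits[dirpath]["locked"].append(name)
    return dict(hits)


def classify(hits):
    """Rank directories: a note next to renamed files is the strongest signal;
    either indicator alone is only a lead to check by hand."""
    report = []
    for directory, found in hits.items():
        level = "high" if found["notes"] and found["locked"] else "review"
        report.append((level, directory, len(found["locked"]), len(found["notes"])))
    # High-confidence directories first, then by path.
    return sorted(report, key=lambda r: (r[0] != "high", r[1]))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for level, directory, locked, notes in classify(sweep(target)):
        print(f"{level:6} {directory}  locked={locked} notes={notes}")
```

Run it against a read-only mount or a snapshot of the affected server rather than the live volume, so the sweep does not alter file timestamps needed for later forensics.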

