Researchers Reveal PowerLocker, a New File-Encrypting Ransomware Being Developed by Cybercrooks
Cybercrooks rarely pass up an opportunity to exploit a vast number of computer users through a new malware creation that ultimately generates enormous sums of money for them. A new malware threat, now going by the name PowerLocker, is the work of cybercrooks who aim to build on the success of the notorious CryptoLocker Ransomware threat, which had infected upwards of 250,000 computers since September of 2013.
Just like CryptoLocker, PowerLocker supposedly uses strong encryption that cannot be cracked to recover files, leaving victims no option but to pay a ridiculous fee through a selected e-payment channel.
What has really sparked the interest of researchers is the idea of PowerLocker being sold to other cybercrooks, so they too can share in the money accumulated along the destructive path of such a malware threat. The prospect of PowerLocker being sold, combined with speculation that it is far more aggressive than CryptoLocker, makes it potentially more dangerous and a threat worth keeping on our radar screen with a bright red target on it.
The origins of PowerLocker are still not clear. However, Malware Must Die (MMD), a group of security researchers fighting cybercrime, discovered a post on an underground forum in which a malware author announced the intention to launch a new ransomware project under the name Prison Locker. Shortly after reading that post in late November 2013, MMD found that the name had changed to PowerLocker.
The development of PowerLocker has been tracked by only a few researchers, and MMD has taken the proper step of making this information public in preparation for combating this potentially hostile threat. So far, the information has been gathered from the malware's alleged main developer, who goes by the online name 'gyx'. He has revealed that PowerLocker consists of a single file that is dropped in the Windows temporary folder and begins encrypting all user files when run for the first time. The encrypted files are located on local drives and shared network drives, with executable and system files mostly excluded.
According to the chatter of its creator, PowerLocker is said to use CryptoLocker's encryption process but goes a step further by disabling the Escape and Windows keys on the keyboard, preventing the victim from launching utilities that could potentially stop its process (cmd.exe, regedit.exe, taskmgr.exe, etc.).
There is no doubt that PowerLocker has been cleverly designed to evade a premature demise. This is not to say that CryptoLocker was easy to remove or that its encryption was easy to stop; it is simply to say that PowerLocker could be the most destructive and the most difficult to remove of any ransomware threat we have ever seen.
From the discussion on the underground forum where MMD first got wind of PowerLocker's development, it appears this new ransomware may be a double-edged sword in that it uses components from CryptoLocker and other successful malware such as the FBI Ransomware threats. Basically, PowerLocker will be sold for $100 USD in Bitcoins per initial build, and $25 for each rebuild. On top of that, victimized computer users will be forced to pay an unverified amount of money to supposedly decrypt their files.
As for what we can expect from PowerLocker, its method of distribution still carries a big question mark. Most malware nowadays is distributed through vulnerabilities and exploits in popular applications like Java, Flash Player and other susceptible programs. For now, computer users are reminded of the importance of backing up their data and keeping their software updated. Additionally, running an up-to-date antispyware application is an essential step in combating any emerging malware threat, even one said to be as destructive as PowerLocker.