
Malware makers developing deadlier file-encrypting ransomware

Cybercriminals are working on a new, deadlier ransomware that encrypts a victim's data and demands a ransom before the data is decoded, a team of security researchers warned this month.

The group "Malware Must Die" said its monitoring of underground forums showed that a team of malware developers is preparing to sell the new ransomware.

"(J)udging by the current materials, boosted by some interest from the crooks that communicating each other in the bad bad forums, serious damage will occur for sure," it said in a blog post.

It added that the malware, dubbed PowerLocker, seeks to lock a victim's computer by disabling key processes until the victim pays an amount to "unlock" the infected machine.

A separate report on PC World said PowerLocker may have been inspired by the CryptoLocker ransomware Trojan, which has infected more than 250,000 computers since September.

The PC World article said PowerLocker is believed to be "more sophisticated and potentially more dangerous because its developers reportedly intend to sell it to other cybercriminals."

"Every file is encrypted using the Blowfish algorithm with a unique key. Those keys are then encrypted with a 2048-bit RSA key that’s part of a public-private key pair unique for every computer. The computer owners will have the public keys, but won’t have the corresponding private RSA keys needed to decrypt the Blowfish keys," it said.

PC World said PowerLocker is being readied so it will be available for purchase, "thus making any script-kiddie a potential attacker."

It also said PowerLocker can detect if it is being run in virtual machines, sandboxes or debugging environments, to keep security researchers from analyzing it.

New trend?

PC World quoted Bitdefender researcher Bogdan Botezatu as saying the new malware appears to add extra features such as locking the user outside of the box, "thus taking the machine out of production completely."

Botezatu warned such malware could cause serious problems to mission-critical systems like hospital computers.

Yet, he said similar malware programs could likely be developed and used this year.

“Ransomware is easy money and that’s what cybercriminals are after,” he said. — VC, GMA News