As if the dreaded CryptoLocker malware was not problem enough for victims, there has been a great deal of chatter in recent months on underground forums about an even more ominous malicious agent in the wild with unbreakable crypto, dubbed “PrisonLocker” or “PowerLocker.”
CryptoLocker malware is being widely used in an extortion scheme in which a user’s files are forcibly encrypted by the attackers, who then demand payment from the victim in exchange for the decryption key required to regain access to the hostage data.
Last fall, a massive spam campaign by an organized criminal element targeting small and medium-sized businesses was responsible for tens of millions of emails tainted with the CryptoLocker ransomware being sent to UK residents.
What makes PowerLocker even more concerning than its predecessor is the fact that it may be heading for the black market as a do-it-yourself style malware toolkit, for which attackers can purchase a user license costing around $100.
The warning about the new malware was issued by MalwareMustDie, an anti-malware research group, which stated in a detailed blog post that “this one [has] escalated into quite harmful in threat level… if released… this will be more headache for researchers, industry and LEA (law enforcement agencies), so after internal meeting we decided to disclose it.”
PowerLocker is believed to have multiple advanced features, including disabling the task manager, the registry editor, and other administration functions at the user’s disposal, and it is thought to be equipped with functions to prevent reverse engineering by researchers.
The malware encrypts system files using keys that employ the Blowfish encryption algorithm, and “each key is then encrypted to a file that can only be unlocked by a 2048-bit private RSA key,” according to reports.