If you thought CryptoLocker was bad, a new version of malware more harmful and difficult to fight may be in the works. After examining several forums, researchers have found what appears to be the latest attempt to sell ransomware to online criminals.
Malware Must Die! (MMD) recently released the contents of research it performed, consisting of screenshots from hacker forums. The screenshots show various postings from a user who claims to have created new malware, known as PowerLocker or PrisonLocker, that encrypts data on an infected computer. Windows features that would typically be used in fighting the attack, such as Alt+Tab, Command Prompt, Task Manager and Regedit, would be disabled, as would the Esc and Windows keys.
When CryptoLocker infections started appearing last fall, users saw a red popup window advising that the computer was infected and that data files on it were being encrypted. The user was instructed to pay several hundred dollars to get the decryption key through an anonymous payment method like Bitcoin or MoneyPak. If the user did not pay the ransom within 96 hours, the files would remain permanently encrypted.
Infection was traced back to spam emails that used social engineering tactics to get the user to open an attachment with a .zip file.
Online criminals wishing to take computers hostage would pay the author of PowerLocker $100 for a copy. The deadline, amount of ransom and payment methods are among the configurable settings.
Symantec advises against paying ransoms, as this encourages future attacks. The best cure is prevention, as decryption without a key is nearly impossible. Backing up data on a regular basis and keeping the backups offline is the best defense right now. Symantec currently can detect CryptoLocker. Since PowerLocker does not appear to be currently ‘in the wild’, based on MMD’s research, there are no reports of infections or antivirus signatures for it.
Fighting malware has always been a matter of antivirus companies keeping up with the virus authors, but PowerLocker would take cybercrime to a new level. Unlike CryptoLocker, which appears to be used by a small criminal ring, PowerLocker could be widely distributed for less than the cost of most smartphones.