
MMD Discovered New Ransomware Nicknamed ‘PrisonLocker’

Threatpost.com reported on 6th January, 2014 that researchers from 'Malware Must Die' (MMD), a group of security researchers devoted to fighting cyber crime, recently discovered a new ransomware nicknamed 'PrisonLocker', possibly inspired by CryptoLocker. They said the malware's author is either a genuine security researcher or is posing as one via a personal blog and Twitter account.

MMD has monitored the development of PrisonLocker since spotting it for sale on an underground criminal hacking forum in November last year. The ransomware, also known as PowerLocker, is almost ready for sale; at the moment it appears to lack a completed graphical user interface (GUI) and is still undergoing quality-assurance testing. Once it is ready, the creator says the malware will sell for around $100 per license, payable in the crypto-currency Bitcoin (BTC).

The PrisonLocker infection process begins with a Trojan that drops a single executable file into a temp folder. Once installed, PrisonLocker is designed to encrypt nearly every file on the infected machine, including those on hard drives and shared drives, excluding system and executable files.

Each file is encrypted using the Blowfish algorithm with a unique key. Those keys are then encrypted with a 2048-bit RSA key that is part of a public-private key pair unique to each computer. The computer's owner will have the public key but not the corresponding private RSA key required to decrypt the Blowfish keys.

This is similar to CryptoLocker's encryption scheme, but the new ransomware goes further: once encryption is complete, it can disable the Task Manager, the registry editor and other administration functions built into the Windows OS.

It then uses Windows functionality to create a secondary desktop and displays the ransom message there. The malware checks every few milliseconds whether the new desktop is active and prevents users from switching away from it.
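The behaviour described above (an executable dropped into a temp folder that later disables Task Manager and the registry editor) can be correlated in endpoint telemetry. The following is an added example, not code from MMD or the original article; the event schema and sample events are constructed, and it assumes the tools are disabled through the standard `DisableTaskMgr` and `DisableRegistryTools` policy values, which the article does not specify.

```python
from collections import defaultdict

# Assumption: the tools are disabled through these standard Windows policy
# values; the article does not say which mechanism the malware uses.
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_VALUES = {"disabletaskmgr", "disableregistrytools"}

# Constructed sample events (not real telemetry) in a hypothetical schema.
TEMP_EXE = r"C:\Users\a\AppData\Local\Temp\svc1.exe"
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "file_create",
     "image": r"C:\Users\a\Downloads\setup.exe", "target": TEMP_EXE},
    {"host": "ws01", "type": "reg_set", "image": TEMP_EXE,
     "target": "HKCU\\" + POLICY_KEY + "\\DisableTaskMgr", "value": 1},
    {"host": "ws01", "type": "reg_set", "image": TEMP_EXE,
     "target": "HKCU\\" + POLICY_KEY + "\\DisableRegistryTools", "value": 1},
    # Installer unpacking into Temp with no policy change: not flagged.
    {"host": "ws02", "type": "file_create",
     "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"C:\Users\b\AppData\Local\Temp\inst.exe"},
    # Policy set by a process that was not dropped into Temp: not flagged.
    {"host": "ws03", "type": "reg_set",
     "image": r"C:\Windows\System32\svchost.exe",
     "target": "HKCU\\" + POLICY_KEY + "\\DisableTaskMgr", "value": 1},
]

def in_temp(path):
    """True if any parent directory of the path is named 'temp'."""
    return "temp" in path.lower().split("\\")[:-1]

def detect(events):
    """Return {(host, image): [policy values]} for temp-dropped executables
    that later switch on a tool-disabling policy value on the same host."""
    dropped = defaultdict(set)  # host -> lowercased temp executables seen
    hits = defaultdict(set)
    for ev in events:
        host, target = ev["host"], ev["target"].lower()
        if ev["type"] == "file_create":
            if target.endswith(".exe") and in_temp(target):
                dropped[host].add(target)
        elif ev["type"] == "reg_set":
            key, _, value = target.rpartition("\\")
            if (key.endswith(POLICY_KEY.lower()) and value in POLICY_VALUES
                    and ev.get("value") == 1
                    and ev["image"].lower() in dropped[host]):
                hits[(host, ev["image"])].add(value)
    return {k: sorted(v) for k, v in hits.items()}

if __name__ == "__main__":
    for (host, image), values in detect(SAMPLE_EVENTS).items():
        print(host, image, values)
```

Events must be supplied in time order, since the correlation only fires when the file creation is seen before the registry change on the same host.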

The prospect of a new crypto-based ransomware threat comes as malware authors continue to make improvements to the older CryptoLocker. For example, late last month Trend Micro researchers said that newer versions gave CryptoLocker a self-replicating capability, allowing it to spread via USB drives.

» SPAMfighter News - 1/14/2014
