Infamous Ransomware Power Worm Maligning PCs, Finds Trend Micro

According to Trend Micro the security company, the ransomware Power Worm in one fresh variant is contaminating PCs while using an encryption key to encode data files followed with discarding the same key due to fault within programming of the malicious program.

A PowerShell-based ransom malware, Power Worm utilizes PowerShell in Windows for triggering and carrying out the sinister operations it intends doing.

Microsoft the developer of Windows PowerShell has designed it to be a framework for letting automation of operations and tasks while running Windows PCs.

The discoverer of Power Worm malware Trend Micro found it during March 2014 the time the company identified a vibrant campaign designed for attacking Excel and Word documents.

The variant in discussion aims its attack on data files of a myriad form, yet this isn't a characteristic which distinguishes it from other ransomware groups. For, it's really one encryption routine that's improperly enforced when the hacker tries making the decryption procedure simple as well as lowering operational expenses.

Malware Researcher Nathan Scott during a description intended for Bleeping Computer said that the malware creator had thought of utilizing an AES key of static nature while targeting any victim.

The decryption code that anybody would use would be the same so that the malware's creator would own a single decryptor key for everybody instead of requiring a complex payment website as well as a decryption engine.

The AES code, transformed into one Base64 string, wasn't properly padded at the time therefore it triggered a problem. The malware creator had an impression that the encryption code in use was alright, but it was a random key that wasn't ever saved and without a means for recovering it anytime later. Such a trivial missing equation irrevocably damaged victims' data. Had the malware creator just examined the infection from his malware the problem would not have been aroused. Rather the victim's data would've been encoded using one static AES code that would've provided an opportunity for regaining his data-files.

Unfortunately, for people victimized with the malware the only remedy lies in resorting to a backup for restoration.

» SPAMfighter News - 11/18/2015