MMD Discovered New Ransomware Nicknamed ‘PrisonLocker’

Threatpost.com reported on 6th January, 2014 stating that security researchers of 'Malware Must Die' which is a set of security researchers devoted to fighting cyber crime recently discovered a new ransomware nicknamed as 'PrisonLocker' possibly inspired from CryptoLocker and said that the writer of the malware is either a genuine security researcher or is posing as one via a individual blog and twitter account.

MMD has monitored the growth of PrisonLocker since they spotted it for sale on an underground criminal hacking-forum in November last year. The ransomware which is also known as PowerLocker is almost ready for trade and at the minute, looks to lack a completed graphical user interface (GUI) and is still going through tests for quality assurance. Once it is ready, the creator claims to sell the malware for around $100/license that can be paid using crypto-currency BTC (Bitcoin).

The PrisonLocker infection process begins with a Trojan which drops a single executable file into a temp folder. After installing effectively, PrisonLocker is crafted to encrypt nearly each file on tainted machines together with those on hard-drives and shared drives excluding system and executable files.

Each file is encrypted employing the Blowfish algorithm with an exclusive key. Those keys are then encrypted with a 2048 bit RSA key that's part of a public-private key pair distinctive for every computer. The owners of computer will have the public keys but won't have the analogous private RSA keys required to decrypt the Blowfish keys.

This is akin to implementation of CryptoLocker's encryption scheme but the new ransomware goes still further as once the encryption is completed, it can disable the task manager, registry editor and additional administration tasks built into the Windows OS.

It then employs the Windows functionality to generate a secondary desktop and exhibits the payoff message there. The malware verifies every few milli-seconds to observe whether the fresh desktop is dynamic and thwarts Internauts from toggling away from it.

The likelihood of a fresh crypto-based ransomware risk surfaces as generators continue to make advancements to the old CryptoLocker title. For example, late last month researchers of Trend Micro said that newer editions gave the CryptoLocker self-replicating capability allowing it to distribute via USB drives.

» SPAMfighter News - 1/14/2014