As disruptive as Cryptolocker is, there’s a possibility that an even deadlier type of ransomware will soon be targeting unsuspecting users.
White-hat security research workgroup MalwareMustDie has been following discussions on underground crime forums regarding a new piece of ransomware currently being developed, which will apparently be put on sale for as little as $100.
The developer of the malware has dubbed his creation Prison Locker and later changed the name to Power Locker, and has been sharing his progress and details about the malware’s capabilities in order to drum up interest.
If his claims are to be believed, Power Locker is capable of encrypting all files he finds on the target computer – except system ones and executables – with the Blowfish cipher algorithm. Each of these keys (one for each file) is then encrypted with RSA 2048, which in practice means that it’s impossible to break the encryption.
A locker module is then created, which spawns a new desktop and displays the ransom note in it. The Windows and Escape keys are disabled, several Windows processes are disabled, and the malware prevents users from returning to the initial desktop.
According to the developer, the malware uses different anti VM and debugger techniques to make its analysis difficult for security researchers.
These discussions have been ongoing since November 2013, and MalwareMustDie has apparently managed to tie the developer to an ICQ, a TorChat and a Jabber account, several email addresses, and to a Twitter account in which he says he is a “security enthusiast, novice infosec / malware researchers and cybercrime analyst”, and that he has C/C++ knowledge (Power Locker is written in these two programming languages).
The ICQ account has a name associated with it, but it’s quite possible that it’s a fake one. Nevertheless, at least some of the forum posters believe that the researchers are getting closer to the developer, and speculate about him disappearing. But, it seems that some of them have part of the malware’s source code, and are aiming at finishing what he started.
MalwareMustDie researchers have been urging law enforcement agencies around the world to start an investigation into the matter.