{"id":48835,"date":"2014-04-21T00:00:00","date_gmt":"2014-04-21T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/powerlocker-how-hackers-can-hold-your-files-for-ransom\/"},"modified":"2020-11-10T22:35:02","modified_gmt":"2020-11-10T22:35:02","slug":"powerlocker-how-hackers-can-hold-your-files-for-ransom","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/2\/30041\/internet\/powerlocker-how-hackers-can-hold-your-files-for-ransom","title":{"rendered":"PowerLocker: How Hackers Can Hold Your Files for Ransom"},"content":{"rendered":"

Ransomware, or crypto-extortion, is making a strong resurgence. In December 2013, ESET Security determined that ransomware belonging to the nefarious CryptoLocker family had propagated to every corner of the world, and that more than 50 percent of the attacks were happening right here in the United States.

\"pie<\/p>\n

Source: ESET Security<\/span><\/p>\n

Even though CryptoLocker is a highly successful piece of malware, it appears it's about to be usurped by an even more insidious ransomware called PowerLocker.

What Is Ransomware?

For those not familiar with ransomware, now is the time to learn about it. It is much better to read about it now than to be introduced to it by a sinister-looking window like the one below.

\"screenshot<\/p>\n

Source: Malwarebytes.org<\/span><\/p>\n

The screen announces that ransomware, in this case CryptoLocker, has taken over the victim’s computer. Malwarebytes.org has determined that CryptoLocker searches for files with the following extensions:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

Some of the more familiar extensions (doc, docm, docx, ppt, pptm, pptx, xls, xlsb, xlsm and xlsx) belong to Microsoft Office documents. If the victim had documents with any of the above extensions on their now-infected computer, those files would become completely inaccessible. In other words, they are held for ransom.

In the screenshot above, the section circled in green mentions that public-private key encryption was used to encrypt the files. And, unless you work for the NSA, that sort of encryption is most likely unbreakable. The section circled in red advertises the ransom amount, in this case $300.

What To Do About Ransomware

Once a computer is infected with ransomware, the options are simple. Victims either pay up, or they don’t. Neither option is a good choice. Not paying means the files are lost. Then the user has to decide whether to scrub the computer with an anti-malware product, or rebuild the computer completely.

But paying the ransom stinks too, because it forces victims to trust the extortionist. Before biting the bullet and paying the ransom, consider the following: once the extortionist has the money, why send the decryption information at all? And, if it all works out and your files are released, you still have to go through the same process of deciding whether to scrub the computer with an anti-malware product or rebuild it.

Today's New and Improved Ransomware

Earlier, I briefly mentioned PowerLocker as the new and improved ransomware. And it has the potential to do more harm than any previous variant of ransomware. Dan Goodin at Ars Technica provided this explanation of what PowerLocker is capable of doing.

In his post, Goodin states that the digital underground has decided to go commercial, offering PowerLocker as a DIY malware kit for $100, which means that more bad people – particularly those who are not proficient in malware-speak – will be able to inflict financial pain on unsuspecting Internet travelers.

"PowerLocker encrypts files using keys based on the Blowfish algorithm. Each key is then encrypted to a file that can only be unlocked by a 2048-bit private RSA key," Goodin writes.

I like to second-source information about malware that has just been discovered and is not yet circulating in the wild. So I contacted Marcin Kleczynski, CEO and founder of Malwarebytes.org, asking for his opinion on PowerLocker.

Kleczynski, along with his colleagues Jerome Segura and Christopher Boyd, mentioned that PowerLocker is so new that much of what’s being published is speculation. Bearing that in mind, PowerLocker potentially improves upon CryptoLocker by being able to: