PowerLocker: A Newer, Smarter Ransomware Inspired Cryptolocker’s Success.

Powerlocker VirusCriminal malware developers have created a new ransomware program called PowerLocker.  PowerLocker is used to encrypt files on infected computers so cybercriminals can demand ransom fees from victims to recover the files. The new ransomware appears to be inspired by the success of Cryptolocker, a program that’s infected more than 250,000 computers since September 2013.

Similar to Cryptolocker, PowerLocker uses strong encryption to prevent the user from recovering stolen files. If your computer is infected, you must pay the ransom fee to retrieve the files. Your only salvation will be if you’ve performed a recent file backup. If you haven’t, you’ll forfeit that data unless you pay the ransom.

According to security researchers, PowerLocker is more dangerous than Cryptolocker because its developers plan on selling it to other cybercriminals.

The malware’s main developer released a progress repost that reveals PowerLocker consists of a single file that’s placed in the Windows temporary folder.

  • Once the file infects a computer, it encrypts all the files stored on network shares and local drives.
  • The files are encrypted using the Blowfish algorithm and a unique key.
  • The keys are then encrypted with a 2048-bit RSA key.
  • The victim will be sent the public keys, but the corresponding private keys are needed to decrypt the Blowfish keys.

Does this sound familiar? Cryptolocker’s encryption process is very similar.  The difference is that PowerLocker disables the Windows and Escape keys after encryption.  Then it creates a secondary desktop to display the ransom message. PowerLocker prevents the victim from switching away from the secondary desktop, disabling the Alt+Tab keyboard shortcut.

In addition, PowerLocker detects whether the computer is running virtual machines, debugging environments, or sandboxes, in order to prevent security researchers from using tools to analyze it.

How to Mitigate the Damage PowerLocker Can Cause

The following are two ways to keep your data safe:

1.     Update Your Applications

Most malware is spread through exploits in vulnerabilities in software programs like Flash Player and Java. Keep your applications up to date to prevent ransomware and malware infections.

2.     Backup Your Data

If your computer is infected, you have two options: recover your files from a recent backup or pay the ransom fee. The take-home message here: Backup your data regularly.

To learn more about PowerLocker and how to keep your data safe, give us a call at (309) 263-5600 or send us an email at sales@clearpathIT.com. ClearPath IT Solutions can help you stay up to date on the latest ransomware and security threats.

Contact info

Connect With Clearpath