Powerlocker Virus

Criminal malware developers have created a new ransomware program called PowerLocker. PowerLocker is used to encrypt files on infected computers so cybercriminals can demand ransom fees from victims to recover the files. The new ransomware appears to be inspired by the success of Cryptolocker, a program that’s infected more than 250,000 computers since September 2013.

Similar to Cryptolocker, PowerLocker uses strong encryption to prevent the user from recovering stolen files. If your computer is infected, you must pay the ransom fee to retrieve the files. Your only salvation will be if you’ve performed a recent file backup. If you haven’t, you’ll forfeit that data unless you pay the ransom.

According to security researchers, PowerLocker is more dangerous than Cryptolocker because its developers plan on selling it to other cybercriminals.

The malware’s main developer released a progress report that reveals PowerLocker consists of a single file that’s placed in the Windows temporary folder.

  • Once the file infects a computer, it encrypts all the files stored on network shares and local drives.
  • The files are encrypted using the Blowfish algorithm and a unique key.
  • The keys are then encrypted with a 2048-bit RSA key.
  • The victim will be sent the public keys, but the corresponding private keys are needed to decrypt the Blowfish keys.

Does this sound familiar? Cryptolocker’s encryption process is very similar. The difference is that PowerLocker disables the Windows and Escape keys after encryption. Then it creates a secondary desktop to display the ransom message. PowerLocker prevents the victim from switching away from the secondary desktop by disabling the Alt+Tab keyboard shortcut.

In addition, PowerLocker detects whether the computer is running virtual machines, debugging environments, or sandboxes, in order to prevent security researchers from using tools to analyze it.

How to Mitigate the Damage PowerLocker Can Cause

The following are two ways to keep your data safe:

1. Update Your Applications

Most malware is spread through exploits of vulnerabilities in software programs like Flash Player and Java. Keep your applications up to date to prevent ransomware and malware infections.

2. Back Up Your Data

If your computer is infected, you have two options: recover your files from a recent backup or pay the ransom fee. The take-home message here: back up your data regularly.

To learn more about PowerLocker and how to keep your data safe, give us a call at (613) 828-1280 or send us an email at info@fuellednetworks.com. Fuelled Networks can help you stay up to date on the latest ransomware and security threats.

I have a strong passion for helping Ottawa Businesses, Entrepreneurs and professionals to become more productive and successful while allowing them to feel at ease and secure when it comes to their Information Technology needs. As the President of Fuelled Networks since 1998, I specialize in providing no-nonsense flawless and prompt technical support to Ottawa businesses, with in-depth consulting on Fortinet, Microsoft, Microsoft Cloud Stack and security. I strive to help businesses to succeed and take great pride in building long-lasting positive relationships and taking on a strong leadership role within the Ottawa community.

Published On: 13th January 2014 by Ernie Sherman.