New ransomware, more insidious than CryptoLocker, to go on market

Researchers warn that a new threat, using harder-to-crack encryption methods than comparable ransomware, may hit the black market soon.

The malware, which locks users out of their computer until they pay a ransom, is being called Prison Locker and Power Locker on underground forums, according to a Friday blog post at Malware Must Die.

According to researchers for the blog, a user in an underground forum who goes by the online alias “Gyx” first announced he was working on the ransomware on Nov. 20.

Gyx later tested the waters again on Dec. 7th (see screenshot), alerting potential buyers that “substantial progress” had been made in the malware's development.

When a user is infected with Prison Locker, the locker module of the malware opens a new display window and disables Windows and the user's escape key. Other Windows processes, like taskmgr.exe and cmd.exe, are also disabled, making it impossible to leave the window with Ctrl+Alt+Del, screencaps from the underground forum showed.

The malware author also designed Prison Locker to accept payments from victims via Bitcoin, or through online payment systems like uKash and Paysafe (though those options could change or expand before the ransomware's release).

A major factor that makes the malware more sinister than CryptoLocker, another ransomware discovered last fall, is that the new malware is said to use a “practically unbreakable encryption” process to keep users' files hostage, according to Gyx.

In an online discussion held Dec. 9 with a potential buyer, Gyx explained Prison Locker's advanced features.

“I have changed the first level of encryption to BlowFish, and a unique BlowFish key is generated for each file,” Gyx wrote. “That BlowFish key is then encrypted with an RSA key specific to the PC, then the RSA block is stored with the file to be decrypted later.”

CryptoLocker, which came on the radar last September and also accepted Bitcoin payments as ransom, was noted as having infected more than 12,000 victims in less than a week at one point. Massachusetts police were also infected by the malware and handed over a $750 ransom to unlock files claimed by CryptoLocker.

Despite details about Prison Locker being disclosed by Malware Must Die, the release of the malware is still planned to continue, researchers warned. Sellers have marketed the price at $100.
