January 9, 2014

Upcoming Ransomware of 2014: Prison Locker


New malicious ransomware named Prison Locker has the potential of causing more damage than Cryptolocker. Image from http://4.bp.blogspot.com/

Cryptolocker ransomware has infected thousands of computers and has allowed hackers to make millions of dollars. Cryptolocker encrypts all your files and documents and restricts your access to your system until you pay a ransom amount to the hacker. This very serious malware attack has gained momentum over the past few years. There are some precautions you can take to protect your data from being hijacked by Cryptolocker, and security experts are also coming up with prevention kits to secure systems against this malware. Just as we have started understanding this form of malware and devising ways to prevent Cryptolocker attacks, a new form of ransomware is making headlines in many hacker forums.

Prison Locker, also called Power Locker, is an evolution of Cryptolocker that encrypts all files on your hard drive and shared drives in what its authors describe as a “practically unbreakable encryption” process. Prison Locker’s developers claim that it has the potential to cause more damage than Cryptolocker. Two hackers using the handles “gyx” and “Porphyry” have been discussing this ransomware on many online forums. The ransomware is coded in C/C++; it encrypts all your files and then locks your screen until you pay a ransom amount to the hacker. When your system is infected with Prison Locker, it opens a new locked window and disables the Windows and Escape keys. Besides that, it blocks other user actions by preventing taskmgr.exe, regedit.exe, cmd.exe, explorer.exe and msconfig.exe from running, and disables Alt+Tab.
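A defender-side check for the tool lockout described above, added here as an example that is not from the article or from MalwareMustDie. The article does not say how Prison Locker blocks taskmgr.exe, regedit.exe and cmd.exe; this script assumes the common mechanism of Windows policy registry values (DisableTaskMgr, DisableRegistryTools, DisableCMD) and audits them, clearing them only when run with -Fix.

```powershell
# Audit (and optionally clear) the per-user and machine-wide policy values that
# commonly disable Task Manager, the registry editor and the command prompt.
# Assumption (not stated in the article): the lockout is implemented through
# these policy keys. Values set deliberately by Group Policy will also show up,
# so confirm with your administrators before clearing anything.
param([switch]$Fix)

$checks = @(
    @{ Hive = 'HKCU:'; Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';       Tool = 'taskmgr.exe' },
    @{ Hive = 'HKLM:'; Sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';       Tool = 'taskmgr.exe' },
    @{ Hive = 'HKCU:'; Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Tool = 'regedit.exe' },
    @{ Hive = 'HKLM:'; Sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Tool = 'regedit.exe' },
    @{ Hive = 'HKCU:'; Sub = 'Software\Policies\Microsoft\Windows\System';                 Name = 'DisableCMD';           Tool = 'cmd.exe' },
    @{ Hive = 'HKLM:'; Sub = 'SOFTWARE\Policies\Microsoft\Windows\System';                 Name = 'DisableCMD';           Tool = 'cmd.exe' }
)

function Get-LockoutPolicyFindings {
    foreach ($c in $checks) {
        $path  = Join-Path $c.Hive $c.Sub
        $value = $null
        if (Test-Path $path) {
            # -ErrorAction SilentlyContinue: a missing value simply means "not set".
            $value = (Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        }
        [pscustomobject]@{
            Tool     = $c.Tool
            Path     = $path
            Name     = $c.Name
            Value    = $value
            Disabled = ($null -ne $value -and $value -ne 0)   # any non-zero DWORD enforces the lockout
        }
    }
}

$findings = Get-LockoutPolicyFindings
$findings | Format-Table Tool, Path, Name, Value, Disabled -AutoSize

foreach ($f in ($findings | Where-Object Disabled)) {
    Write-Warning ("{0} is disabled by policy: {1}\{2} = {3}" -f $f.Tool, $f.Path, $f.Name, $f.Value)
    if ($Fix) {
        # Removing the value restores the default (tool enabled). HKLM entries need an elevated shell.
        Remove-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction Stop
        Write-Output ("Cleared {0}\{1}" -f $f.Path, $f.Name)
    }
}
```

Run it without -Fix first to see which values are set; a value that is present on every machine in a domain is far more likely to be an intended policy than a lockout by malware.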

A hacker by the name “gyx” is making headlines in online forums. Image from MalwareMustDie.

The ransomware encrypts files on the victim’s hard drive and shared drives using the Blowfish cipher. It can encrypt all files except .exe, .dll, .sys and other system files. For each file it generates a unique Blowfish key, which is in turn encrypted with 2048-bit RSA. After encrypting all the files on the victim’s system, it sends that information to the hacker’s control panel. From the control panel, the hacker can set the ransomware’s warning timer, handle payments and decrypt files on the victim’s computer. As per the online forums, the developer of the malware is still working on some of the application’s features and will be releasing the malware sometime soon. One of the interesting things is that they are selling this powerful and extremely malicious ransomware for only $100. The ransomware has the potential to hijack a victim’s entire system, including shared drives, and very little can be done to counteract such an attack once the files are encrypted. If it possesses all the technical features it claims, the ransomware should be worth far more than $100. Whatever the financial motivation behind the ransomware, its low price can make it easily available to anyone and can lead to more severe attacks.

A security research team called MalwareMustDie has been monitoring the discussions about Prison Locker. From the screenshots published by MalwareMustDie, it looks like the hacker is a security enthusiast with expert-level knowledge of C/C++. Here is a screenshot from the hacker’s Twitter account:

Twitter profile of developer of Prison locker ransomware. Image from MalwareMustDie.

The security team is closely following developments in the Prison Locker ransomware and updating the details on their blog post.

One of the positive aspects of the revelation of this new threat is that we now have information about the ransomware before it is in its fully functional form. This gives security experts an opportunity to come up with countermeasures before it is released. It is better to get ahead of this ransomware before it starts causing major damage. As these kinds of malware usually hide in email attachments or website links, it is within your control to protect your personal data by not clicking on any suspicious links or attachments. One click can infect your system, and that click can be avoided if you show good judgment. Regularly back up all your files and keep your backups on a drive that is not connected to your computer. If you have backed up all your files regularly, you are no longer trapped in such a situation: even if your system gets infected with Prison Locker ransomware, you can retrieve your data from the backup drive that is not connected to your computer.

Secure cloud storage service that protects your data

SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOakHive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.