Security experts have dismissed reports of a new ransomware campaign, calling it “a hype”.
Jamie Blasco, director of research at AlienVault Labs, said that what he had seen of PowerLocker and PrisonLocker was “a hype”, since the only information available was from one person who was supposedly developing it, but it was still not ready. “We don’t know the status of the project but one thing is clear, there are no samples available of this threat,” he said.
According to the Hacker News, two black hats named “gyx” and “Porphyry” were advertising the ransomware kit on various hacking forums with tutorials. The command and control centre allows an attacker to set the time duration, ransom amount, payment mode and ability to decrypt files after the payment received.
Troy Gill, security analyst at AppRiver, doubted that the kit had been put into use yet, but said that it was concerning about how widespread kits have become for cyber criminals use.
“Of course just like Cryptolocker, the best way to protect your data is a cold back-up. As long as offline backups are made regularly, the damage inflicted by this malware will be minimal. Of course that is often easier said than done because in this case awareness is paramount,” he said.
Tim ‘TK’ Keanini, CTO at Lancope, said: “Bad guys have a highly effective supply chain these days and no longer have to be an expert in all aspects of the attack. It is the DIY and kit form of Powerlocker that makes it interesting. These days, it makes more sense for these attackers to buy capabilities like exploits, evasion techniques and stolen credentials and, in the case of Powerlocker, ransomware techniques.”
According to 2014 predictions from McAfee, cyber criminals will increasingly employ ransomware in 2014 to move further into the profitable business marketplace.
Brian Honan, CEO of BH Consulting, told IT Security Guru that what is frustrating about ransomware is that the simple steps to prevent infection from most malware will also prevent infection by Ransomware.
“Keeping systems patched with the latest software, using up to date anti-virus software, educating users on the threat and having good backups that are verified to have worked will prevent many from becoming victims of ransomware, and if they should somehow still get infected, then having good backups will be the way to recover from that infection,” he said.
“However, we still see many businesses, and individuals, who still seem to think that computer viruses will not impact them and do not take the necessary measures to protect themselves. Previous malware would steal data, login credentials or recruit the victim’s PC into a botnet, but these issues were mostly hidden from the victim themselves or at least they would not see the impact for a while.
“Indeed, it is not unknown for people to continue to use infected computers oblivious to the fact that their computer is (sic) infected. Ransomware has an immediate impact, both from a financial point of view and also from a data accessibility/recovery point of view. Once infected, the victim has no choice but to deal with the issue.”
