PwndLocker Ransomware Aims Big With High Ransom Demands



As ransomware's money-making potential grows, more criminals are moving into the niche. Recently, another ransomware strain has surfaced that is active in the wild. Dubbed PwndLocker, it targets businesses and cities and demands high ransoms.

About PwndLocker Ransomware


Researchers from MalwareHunterTeam have analyzed a new ransomware that demands big ransoms. Identified as PwndLocker, it targets Windows systems and stops various services in order to encrypt data.

The services it targets include Microsoft SQL Server, MySQL, Veeam, Exchange, Zoolz, Acronis, Oracle, Backup Exec, and Internet Information Server (IIS). It also goes after some security programs, such as Kaspersky, Malwarebytes, Sophos, and McAfee.

After infecting a target system, it begins encrypting data files, renaming them with a .key or .pwnd extension. The encryption is selective, however: the malware skips certain system and executable files, as well as files in certain folders.

The ransomware deletes shadow volume copies to prevent potential recovery of data. Vitali Kremez has quickly shared his analysis in a tweet.

https://twitter.com/VK_Intel/status/1230854337129254913

Once complete, the ransomware places a ransom note file named “H0w_T0_Rec0very_Files.txt” throughout the system and on the desktop. This note includes instructions for obtaining the decryption key.
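The behaviours described above (service stops, shadow copy deletion, .key/.pwnd renames, the ransom note name) can be combined into a simple per-host triage check. This is an added example, not code from the article or the researchers; the event tuple shape, the service name fragments, and the specific commands matched (standard Windows tools the article does not name) are assumptions.

```python
import re
from collections import Counter

# Indicators taken from the article.
RANSOM_NOTE = "h0w_t0_rec0very_files.txt"
ENCRYPTED_EXTS = (".key", ".pwnd")
# Lower-case fragments of the product names the article lists (assumption:
# real service names on a given host may differ and need tuning).
SERVICE_HINTS = ("sql", "veeam", "exchange", "zoolz", "acronis", "oracle",
                 "backup", "iis", "kaspersky", "malwarebytes", "sophos", "mcafee")
# Assumption: the article does not say which commands are used; these are the
# standard Windows tools for deleting shadow copies and stopping services.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete")
SERVICE_STOP = re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s+(.+)")

def triage(events, rename_burst=3):
    """events: (host, kind, value); kind is 'proc' (command line) or
    'file' (path created). Returns {host: sorted list of findings}."""
    findings, renamed = {}, Counter()
    def hit(host, what):
        findings.setdefault(host, set()).add(what)
    for host, kind, value in events:
        low = value.lower()
        if kind == "proc":
            if SHADOW_DELETE.search(low):
                hit(host, "shadow-copy-deletion")
            m = SERVICE_STOP.search(low)
            if m and any(s in m.group(3) for s in SERVICE_HINTS):
                hit(host, "targeted-service-stop")
        elif kind == "file":
            if low.rsplit("\\", 1)[-1] == RANSOM_NOTE:
                hit(host, "ransom-note")
            elif low.endswith(ENCRYPTED_EXTS):
                renamed[host] += 1
    # .key is also a legitimate extension (private keys), so only a burst counts.
    for host, n in renamed.items():
        if n >= rename_burst:
            hit(host, "encrypted-extension-burst")
    return {h: sorted(f) for h, f in findings.items()}

# Constructed sample events (not real telemetry).
SAMPLE = [
    ("srv01", "proc", r"net stop MSSQLSERVER /y"),
    ("srv01", "proc", r"vssadmin.exe delete shadows /all /quiet"),
    ("srv01", "file", r"C:\Data\q1.xlsx.pwnd"),
    ("srv01", "file", r"C:\Data\q2.xlsx.pwnd"),
    ("srv01", "file", r"C:\Data\plan.docx.key"),
    ("srv01", "file", r"C:\Users\Public\Desktop\H0w_T0_Rec0very_Files.txt"),
    ("web02", "file", r"C:\certs\site.key"),   # lone legitimate key file
    ("web02", "proc", r"sc stop Spooler"),     # unrelated service stop
]
```

A host showing several of these findings together is a much stronger signal than any single one; the lone `.key` file and the unrelated service stop on `web02` produce no finding.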

What’s peculiar about PwndLocker is its variable ransom demand, which depends on what the target can afford. As mentioned in the ransom note:

“The price depends on the network size, number of employees and annual revenue.”
https://twitter.com/malwrhunterteam/status/1230576922356305922

Active Attacks Reported Recently

PwndLocker attracted the attention of researchers after it became active in the wild. While the ransomware has been around since 2019, it recently came into the limelight after repeated attacks on US cities. A few days earlier, it targeted LaSalle County in Illinois and demanded 50 BTC in ransom. According to reports, however, officials are refusing to pay the ransom.

Likewise, it has also recently targeted the City of Novi Sad in Serbia.

Currently, the ransomware's encryption remains uncracked, so businesses and cities must apply proactive security measures to prevent an attack.

Let us know your thoughts in the comments.


Posted from my blog with SteemPress : https://latesthackingnews.com/2020/03/05/pwndlocker-ransomware-aims-big-with-high-ransom-demands/
