PrisonLocker, the next variant of "Ransomware"??

Member
Registered
Apr 2008

If this variant gets finished and does what its creator claims, things are going to get sweaty for those who get infected! On top of that, the creator seems prepared to sell "licenses" for ~$100 apiece!

PrisonLocker

Quote:

According to specifications listed by the author in a number of locations, the PrisonLocker infection process will begin with a Trojan that drops a single executable file into a temp folder. Following successful installation, PrisonLocker is designed to encrypt nearly every file on infected machines, including those on hard drives and shared drives but excluding .exe, .dll, .sys, and other system files. According to a Pastebin post from Dec. 19, PrisonLocker will deploy the Blowfish cipher, and each infected machine will have a corresponding Blowfish decryption key that is encrypted using RSA AES 2048-bit encryption.

Other features include persistence through Windows registry keys, disabling infected users’ Windows and escape buttons, and blocking task manager, command prompt, registry editor, and other Windows utilities.

Like CryptoLocker, infected users will be given a predetermined amount of time to pay the ransom before the decryption key is forever deleted. Whoever administers the ransomware will have the ability to choose the preset amount of time and pause or reset this deletion clock in order to examine ransom payments. Other customizable features include naming and placing the infection file, determining the ransom amount and method of payment, and establishing the username and password for the administrative panel, which is set as “admin” and “admin” by default.

PrisonLocker also boasts a number of analysis prevention features. Its author claims it detects basic virtual machine, sandbox, and debugger environments. The malware will also set up what its creator calls a “locked window in a new desktop.” This, the creator claims, will render useless the “alt+tab” command and, thus, all other applications. Beyond that, even if a user manages to escape the locked window, PrisonLocker includes a module that forces the locked window to the forefront of the user’s desktop every few milliseconds.

Member
Location
Sthlm
Registered
Apr 2002

Undeniably doesn't seem like it'll be fun to get infected by this :/ Good thing I don't download pirated stuff like I used to back in the day! Might have to cut down on any porn surfing for a while

Member
Registered
Apr 2008

Keep your programs up to date (Adobe, Java, Win, etc.) and it should probably go fine!