PowerWare ransomware masquerades as Locky variant


Security researchers at Unit 42, part of Palo Alto Networks, have discovered a new version of the PowerWare ransomware that masquerades as the well-known Locky family. The malware, however, only partially encrypts files and is easy to remove.

The researchers write that the ransomware gives encrypted files the ‘.locky’ extension and also copies the ransom note that Locky shows its victims. By posing as a known type of ransomware, the criminals behind this variant hope that victims will pay anyway. According to Unit 42, PowerWare has imitated other malware families before.

This variant, however, appears to encrypt only the first 2048 bytes of each file on the victim’s computer, using 128-bit AES. Moreover, the decryption key is hard-coded in the malware’s source, which makes the infection easy to reverse; the researchers have published a tool for that purpose.
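The two weaknesses described above (only a short prefix is encrypted, and the key never changes) are what make recovery possible. The following Go program is an added example written for this article; it is not Unit 42’s tool or PowerWare’s code. It assumes a layout the article does not spell out: the first 2048 bytes are AES-128-CBC encrypted with PKCS#7 padding under a fixed key and IV, and the rest of the file is left as it was. The key, IV and victim document are constructed placeholders. The program builds such a file as a test fixture, shows a triage check a responder could run (high-entropy head, plaintext tail) and then restores the original bytes with the known key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
	"math"
	"strings"
)

// Layout assumed for this example (not stated by the article): only the first
// prefixLen bytes of a file are AES-128-CBC encrypted with PKCS#7 padding under
// a key and IV that never change; everything after the prefix is untouched.
const prefixLen = 2048

// Constructed placeholders for the example, not values taken from PowerWare.
var (
	placeholderKey = []byte("example-key-16by") // 16 bytes selects AES-128
	placeholderIV  = []byte("example-iv-16byt") // 16 bytes, one AES block
)

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("ciphertext length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad PKCS#7 padding")
	}
	return b[:len(b)-n], nil
}

// simulatePartialEncrypt builds a test fixture: it encrypts only the first
// prefixLen bytes and appends the remainder of the file unchanged.
func simulatePartialEncrypt(plain, key, iv []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	headLen := len(plain)
	if headLen > prefixLen {
		headLen = prefixLen
	}
	padded := pkcs7Pad(plain[:headLen], aes.BlockSize)
	out := make([]byte, len(padded), len(padded)+len(plain)-headLen)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, padded)
	return append(out, plain[headLen:]...), nil
}

// encryptedHeadLen reports how many leading bytes of an affected file are
// ciphertext. A full 2048-byte prefix pads to 2064 bytes, so any file at least
// that long carries a 2064-byte ciphertext head; shorter files were encrypted whole.
func encryptedHeadLen(fileLen int) int {
	if fileLen >= prefixLen+aes.BlockSize {
		return prefixLen + aes.BlockSize
	}
	return fileLen
}

// recoverFile reverses the partial encryption using the hard-coded key and IV.
func recoverFile(data, key, iv []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	headLen := encryptedHeadLen(len(data))
	if headLen%aes.BlockSize != 0 {
		return nil, errors.New("file does not have the expected layout")
	}
	head := make([]byte, headLen)
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(head, data[:headLen])
	plain, err := pkcs7Unpad(head, aes.BlockSize)
	if err != nil {
		return nil, err
	}
	return append(plain, data[headLen:]...), nil
}

// shannonEntropy returns bits per byte: low for text, close to 8 for ciphertext.
func shannonEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	h := 0.0
	for _, n := range counts {
		if n == 0 {
			continue
		}
		p := float64(n) / float64(len(b))
		h -= p * math.Log2(p)
	}
	return h
}

// looksPartiallyEncrypted flags the pattern the article describes: a random-looking
// head followed by a tail that still reads as plaintext. It needs at least minTail
// trailing bytes to make a judgement.
func looksPartiallyEncrypted(data []byte) bool {
	const minTail = 256
	headLen := encryptedHeadLen(len(data))
	if len(data)-headLen < minTail {
		return false
	}
	return shannonEntropy(data[:headLen]) > 7.0 && shannonEntropy(data[headLen:]) < 6.0
}

// constructedDocument is a low-entropy stand-in for a victim's file.
func constructedDocument() []byte {
	return []byte(strings.Repeat("Quarterly report, constructed sample line for the example.\n", 80))
}

func main() {
	doc := constructedDocument()
	hit, err := simulatePartialEncrypt(doc, placeholderKey, placeholderIV)
	if err != nil {
		panic(err)
	}
	fmt.Printf("partial-encryption signature present: %v\n", looksPartiallyEncrypted(hit))
	back, err := recoverFile(hit, placeholderKey, placeholderIV)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %d bytes, identical to original: %v\n", len(back), bytes.Equal(back, doc))
}
```

The entropy check is a triage aid, not proof: a file whose tail is itself compressed or encrypted (an archive, a JPEG) will not show the low-entropy tail, so a responder should confirm the family from the sample rather than from file statistics alone.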

PowerWare infects a machine through a .NET executable that unpacks a PowerShell script, which then searches the victim’s PC for files.

The warning that victims see
