Latest Alarming Ransomware Development

DIY Ransomware – New Threat

White-hat security research workgroup MalwareMustDie has been following discussions on underground crime forums regarding a new piece of ransomware currently being developed, which will apparently be put on sale for as little as $100.

The developer of the malware has dubbed his creation Prison Locker and later changed the name to Power Locker, and has been sharing his progress and details about the malware’s capabilities in order to drum up interest. – net-security.org

What makes PowerLocker particularly troubling isn’t this “unbreakable encryption.” CryptoLocker does the same thing, after all. There’s no getting your files back without the private key the criminals supply after you cough up the ransom. No, it’s the fact that someone is actively selling a DIY kit that mimics CryptoLocker’s functionality for a ridiculously low price. – geek.com

PowerLocker goes further than Cryptolocker

…PowerLocker goes even further. Once the encryption stage is done, it disables the Windows and Escape keys and prevents a number of other useful utilities like taskmgr.exe, regedit.exe, cmd.exe, explorer.exe and msconfig.exe from being used.

It then uses the functionality in Windows to create a secondary desktop and displays the ransom message there. The malware checks every few milliseconds to see whether the new desktop is the active one and prevents users from switching away from it, making the Alt+Tab keyboard shortcut and applications running on the primary desktop irrelevant.
– See more at: InfoWorld.com
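The secondary-desktop lock described in the excerpt above leaves a trace a defender can check for: the desktop receiving user input is no longer one of the desktops Windows creates itself. The following is an added example, not code from the article or the sources it quotes; the function names `assess` and `snapshot` and the baseline list of built-in desktop names are assumptions made for illustration.

```python
import ctypes
import sys
from ctypes import wintypes

# Assumed baseline of desktops Windows itself creates; extend for known software.
BUILTIN_DESKTOPS = {"default", "winlogon", "screen-saver", "disconnect"}
DESKTOP_READOBJECTS = 0x0001
UOI_NAME = 2

def assess(active, desktops):
    """Return (severity, message) findings for the desktop state."""
    findings = []
    if active is not None and active.lower() not in BUILTIN_DESKTOPS:
        findings.append(("high", "input is on non-standard desktop %r" % active))
    for name in desktops:
        if name.lower() not in BUILTIN_DESKTOPS and name != active:
            findings.append(("info", "extra desktop %r exists" % name))
    return findings

def snapshot():
    """Windows only: (active input desktop name or None, all desktop names)."""
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    enum_proc_type = ctypes.WINFUNCTYPE(wintypes.BOOL, wintypes.LPWSTR, wintypes.LPARAM)
    user32.OpenInputDesktop.restype = wintypes.HANDLE
    user32.OpenInputDesktop.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    user32.GetUserObjectInformationW.argtypes = [
        wintypes.HANDLE, ctypes.c_int, wintypes.LPVOID,
        wintypes.DWORD, ctypes.POINTER(wintypes.DWORD)]
    user32.CloseDesktop.argtypes = [wintypes.HANDLE]
    user32.GetProcessWindowStation.restype = wintypes.HANDLE
    user32.EnumDesktopsW.argtypes = [wintypes.HANDLE, enum_proc_type, wintypes.LPARAM]
    active = None
    handle = user32.OpenInputDesktop(0, False, DESKTOP_READOBJECTS)
    if handle:  # NULL: the call failed, e.g. access to a secure desktop was denied
        buf = ctypes.create_unicode_buffer(256)
        needed = wintypes.DWORD(0)
        if user32.GetUserObjectInformationW(handle, UOI_NAME, buf,
                                            ctypes.sizeof(buf), ctypes.byref(needed)):
            active = buf.value
        user32.CloseDesktop(handle)
    names = []
    callback = enum_proc_type(lambda name, _lparam: names.append(name) or True)
    user32.EnumDesktopsW(user32.GetProcessWindowStation(), callback, 0)
    return active, names

if __name__ == "__main__" and sys.platform == "win32":
    for severity, message in assess(*snapshot()):
        print(severity, message)
```

An extra desktop alone is reported only as informational, since legitimate software can create its own desktops; the stronger signal is user input being held on one.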

Note to PC Matic users: Because PC Matic’s security, called Super Shield, uses a white list and a black list, you are protected from ransomware, but you have to make sure Super Shield is properly enabled.

Video: Step by step instructions for how to install and enable Super Shield.

12 thoughts on “Latest Alarming Ransomware Development”

  1. I have seen this ransomware on my PC. The simple solution is disconnect cable to LAN or turn off wireless router, or turn off modem, depending on how you gain internet access. Next turn off PC, then with internet still turned off, reboot PC, as with any other open browser close it. Check new programs to see if it is listed, if so delete, if no new programs, you are done. Turn off PC, connect for internet usage, reboot PC on. All will be normal. Fixed two PCs with this issue, one for someone else.

  2. About 2 mo ago SS started to cause exception errors. Tech service was, at best, non-responsive. After wasting hours on the “fixes” I gave up. Nothing like paying for something you can’t use.

  3. I have been unable to get PC Matic to go beyond the disk check mode even in 28 hours of running for at least 2 months.

    • @Holland Simms:

      Please try running Windows Disk cleanup from Start>Programs>Accessories>System Tools>Disk Cleanup, and then click the ‘More Options’ tab to delete all but the most recent restore point, if you do not need them.

      Once Disk Cleanup finishes, open Computer then right-click the Local Drive C:\ and select Properties>Tools>Error Checking>Check Now> put a checkmark in both boxes, click Start, then reboot.

      When the disk check completes, please try running PC Matic again and see if it will complete.

      If the issue persists, please open a ticket at our help desk using the link below:

      http://www.pcpitstop.com/store/service.asp

    • @Jerry:

      From your description, not being prompted with the certificate for the Active X control means either it’s being blocked by security software or the control has a problem, such as a dependent DLL file not being present on the computer.

      Try first shutting off any real-time security programs or firewalls that could be a source of interference with the Active X.

      Next, open Internet Explorer and go to: Tools | Manage Add-ons | Add-ons currently loaded in Internet Explorer and also | Add-ons that have been used by Internet Explorer and verify that all Active X add-ons from PC Pitstop are enabled.

      If the issue persists, make sure that you are both installing and running PC Matic from an administrator account. You can right-click on the icon(s) and select ‘Run as’ and assign an administrator account.

      Next, run the Windows registry repair tool from the link below:

      http://files.pcpitstop.com/support/Repair-ActiveX.cmd

      If you are using Vista, Windows 7, or Windows 8, first save the file above to your desktop, then right-click on the saved file and select, “Run as administrator”.

      When you run the tool you should see a command window open and be able to watch the tool’s progress. The tool may appear to ‘hang’ once or twice, but if you wait the tool should complete.

      If that does not help, set http://pcpitstop.com as a trusted site in the Internet Security Options (Start>Control Panel>Internet Options>Security>Trusted Sites>Sites>Add). Remove the check mark by “Require server verification (https:)…” if necessary. If you are using Vista, make sure PC Matic is starting from an administrator account by right-clicking on the icon and selecting ‘Run as administrator’ to start or install the program.

      The browser cache may also need to be cleared as PC Matic may be trying to load from a damaged page in the cached files. In IE6 go to Start>Control Panel>Internet Options>General>Temporary Internet Files>Delete Files >put a checkmark by “Delete all offline content” then click OK>OK. For IE7, 8, or 9 Go to Start>Control Panel>Internet Options>Browsing History>Delete> and click the button to delete the temporary Internet Files, then click ‘yes’, ‘close’, ‘OK’.

      If the issue persists, to verify whether or not the issue is a software conflict, try running the program from Safe Mode with Networking to determine if the problem is with a third-party application interfering.

      To access Safe Mode with Networking in Windows XP or Vista, repeatedly tap the F5 or F8 key while the computer is booting up. Once the menu opens, select Safe Mode with Networking, and later when prompted, administrator. The screen will look different because the video driver is not loaded. That will return to normal after a reboot. To run program, you may need to go to Start>Programs>PC Pitstop> if the desktop icons are not present.

      If the computer connects to the Internet using a wireless connection, it may be necessary to connect using an Ethernet cable in order to have Internet access from Safe Mode with Networking.

      You can also try creating a ‘test’ user account with administrative permissions and see if PC Matic will run from there. If so, then there may be something in the personal settings for your regular user account that is preventing Active X from working. In your regular user account, you can run our Active X test from here: http://www.pcpitstop.com/testax.asp

      If none of the above suggestions resolve the problem, please open a ticket at our help desk using the link below:

      http://www.pcpitstop.com/store/service.asp

  4. When I try to install Super Shield I have to remove my Norton 360 program! This leaves me with no virus protection! Any help would be helpful!

    • @Dwayne Dahlberg:

      SuperShield is virus protection.

      You are seeing that warning message because it appears that the computer has multiple security products installed. The SuperShield component that is in conflict is an optional free add-on to the PC Matic program.

      Most competing security products provide a ‘Real Time’ agent running in the background. SuperShield is also a real-time antivirus agent and is monitoring every application that attempts to open on the computer. Running two real time agents can be a source of conflicts, causing the computer to run slowly as well as exhibit strange behaviors. You should choose only one real-time agent to use and uninstall/not install any others.

      Uninstalling/not installing the SuperShield component will have no effect on the main PC Matic program or how it tunes up the computer.

      Most competing security products provide protection through a ‘suite’ of applications, which basically means that there are numerous running processes to provide protection for the web browser, email client, phishing attacks, viruses, etc. Each item on the computer that is protected uses a process specific to that item. PC Matic provides a comprehensive malware scan and removal process as well as providing SuperShield, which prevents suspicious items from executing on the computer in the first place. It does not matter if the item comes as an email attachment, a link embedded in a web page, a drive-by download, etc, SuperShield will prevent the malware from being able to execute on the computer without the user’s specific permission.

      • It also depends on how often the security suite or antivirus program updates its virus list–some do it several times daily (to stay up-to-date with known viruses in the wild), while others do it daily/weekly/monthly.
        Real time virus protection is only as good as its updates–garbage in, garbage out.

        Take precautions–know this before you purchase,
