Chrome alert breached passwords

PwndLocker Turns Into ProLock Ransomware Barring Free Decryption

PwndLocker ransomware recently emerged as ransomware threatening businesses with huge ransom demands. However, soon after its emergence, the cybersecurity community devised a way to break its encryption owing to a bug. While that made things seemingly easy, PwndLocker has now transformed into ProLock as it fixes that bug.

PwndLocker Turns Prolock Ransomware

Earlier this month, we reported about new ransomware, dubbed PwndLocker. This ransomware aimed at businesses and organizations with uniquely high ransom demands. While it looked nothing different from most other strains, its variable demand for ransom based on the target’s potential to pay segregated it from others.

However, it had a vulnerability which researchers were quick to spot and develop a decryptor. Hence, it potentially saved the victims from paying the ransom to recover the data.

Nonetheless, the malware developers have now fixed the bug that made decryption possible. And so, we now have the ProLock ransomware in the wild.

According to BleepingComputer, ProLock largely works in the same way as PwndLocker. However, it encrypts the files while adding the extension .proLock to the file name. Whereas, the high demand for ransom remains the same.

ProLock ransom note (Source: Bleeping Computer)

ProLock Active In The Wild

According to Sophos’ PeterM, ProLock is active in the wild and is distributed via BMP image files. The image opens correctly with the file viewer. However, it only appears black with some white dots.

Though, it is presently unclear how the attackers manage to place this file on the target device.

So, the ransomware again becomes a real threat for the businesses, with presently no alternate option to escape ransom payments. The only measure to combat such situations is to ensure a robust backup of the data.

Source link