Powerware ransomware pretends to be Locky variant




Security researchers at Unit 42, part of Palo Alto Networks, have discovered a new version of ransomware which masquerades as the famous Locky variant. The malware encrypts files only partially and is easy to remove.

The researchers write that the ransomware gives files the “locky” extension and also copies the message that Locky uses to demand ransom. By posing as a well-known type of ransomware, the criminals behind this variant hope that victims will still proceed to payment. According to Unit 42, Powerware has often imitated other malware.

This form of ransomware encrypts only the first 2048 bytes of each file on the victim's computer, using 128-bit AES. In addition, the decryption key is present in the source code of the malware, which makes it easy to undo the infection. The researchers have put a tool online for this purpose.

Infection by Powerware happens via a .NET file that runs a PowerShell script, which searches for files on the victim's computer.
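
An added triage example (not code from Unit 42 or from the original page): because only the first 2048 bytes of a file are encrypted, a responder can compare the byte entropy of that head with the rest of the file to tell this partial encryption apart from whole-file encryption. The thresholds, the minimum tail size, the helper names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HEAD_LEN = 2048        # bytes the article says this variant encrypts
HIGH, LOW = 7.0, 6.0   # assumed entropy thresholds in bits per byte
MIN_TAIL = 1024        # assumed minimum tail size for a meaningful comparison

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(blob: bytes) -> str:
    """Triage one file's content.
    'partial'      : high-entropy head, readable tail (matches the article)
    'full'         : head and tail both high entropy (encrypted or compressed)
    'clean'        : head is not high entropy
    'inconclusive' : tail too short to compare
    """
    head, tail = blob[:HEAD_LEN], blob[HEAD_LEN:]
    if len(tail) < MIN_TAIL:
        return "inconclusive"
    if entropy(head) < HIGH:
        return "clean"
    return "partial" if entropy(tail) < LOW else "full"

def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for AES ciphertext."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed samples, not real malware output.
PLAIN = b"Quarterly report: revenue, costs and forecast figures.\n" * 200
PARTIAL = _pseudo_random(HEAD_LEN) + PLAIN[HEAD_LEN:]
FULL = _pseudo_random(len(PLAIN))

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN), ("partial", PARTIAL), ("full", FULL)]:
        print(name, classify(blob))
```

Compressed formats such as ZIP or JPEG are high entropy throughout and land in "full", so the result is a triage signal for which files to try the decryption tool on, not proof of infection.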

