PowerLocky Ransomware
Posted: July 25, 2016
| Ranking | 12,469 |
|---|---|
| Threat Level | 2/10 |
| Infected PCs | 7,469 |
| First Seen | July 25, 2016 |
| Last Seen | October 3, 2023 |
| OS(es) Affected | Windows |
The PowerLocky Ransomware is a threatening file encryptor that borrows components from two previous Trojan campaigns. Because the PowerLocky Ransomware targets data on the infected PC with attacks that could render it unreadable, malware researchers advise keeping recent backups to prevent the PowerLocky Ransomware from doing any irreversible damage. PC users already dealing with an infection should remove the PowerLocky Ransomware with anti-malware products best able to identify its files.
A Marriage Made in Bad Code
Although many of the most dedicated malware authors see the virtues of independently-developed projects, they are outnumbered by a majority of con artists in the industry, who prefer using any pre-existing code, infrastructure, and graphics elements whenever possible. Sometimes this lazy work ethic leads to them recycling particularly simple programming content, such as the rebirth of the PowerWare Ransomware in the PowerLocky Ransomware campaign. Both of these Trojans base themselves on a core of Windows PowerShell scripts.
The PowerLocky Ransomware's main body is dropped into a sub-directory of the AppData folder, a location few PC users will look in immediately. A DLL-loading sequence launches the PowerLocky Ransomware and its payload, which scans for dozens of separate file types, including WAV, PDF, DOC, and a wide range of less commonly used extensions. The PowerLocky Ransomware's encryption sequence, based on AES-128, also appends a new extension, the '.locky' string, which is most commonly associated with the '.locky File Extension' Ransomware.
It completes its payload by sharing another component with the Locky family: its ransom message. Like the '.locky File Extension' Ransomware, the PowerLocky Ransomware asks for a Bitcoin payment (currently equivalent to 500 USD) before giving its victims access to a possible decryption service that would restore their data. Because the PowerLocky Ransomware is built on a wholly separate set of code, malware experts can't guarantee the authenticity of its version of the 'Locky' Decryptor.
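The description above gives a responder two concrete artifacts to look for: affected files keep their original name and gain a '.locky' suffix, and their contents become AES ciphertext (near-random bytes). The following triage script is an added example, not code from the page or from any vendor tool; it assumes the '.locky' suffix is appended after the original extension and uses Shannon entropy as a rough ciphertext test, with the sample files constructed in a temporary directory so it runs offline.

```python
"""Triage helper: flag files that look like PowerLocky-style encryption output."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the page says the payload targets (partial list, constructed here)
TARGETED = {".wav", ".pdf", ".doc"}
APPENDED_EXT = ".locky"          # suffix the ransomware appends after encryption


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path, sample_size: int = 4096) -> str:
    """Label one file: '' if it looks benign, otherwise a finding category."""
    if path.suffix.lower() != APPENDED_EXT:
        return ""
    inner = Path(path.stem).suffix.lower()      # 'report.doc.locky' -> '.doc'
    with path.open("rb") as fh:
        ent = shannon_entropy(fh.read(sample_size))
    if inner in TARGETED and ent > 7.5:
        return "encrypted-target"               # targeted type + random-looking bytes
    return "suspicious-extension"               # '.locky' name but no ciphertext signal


def scan_tree(root: Path) -> dict:
    """Walk root and group flagged file names by finding category."""
    findings: dict = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            label = classify(Path(dirpath) / name)
            if label:
                findings.setdefault(label, []).append(name)
    return findings


def demo() -> dict:
    """Constructed sample: one ciphertext-like .doc, one benign .pdf, one renamed text file."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "report.doc.locky").write_bytes(os.urandom(8192))       # stand-in for AES output
    (tmp / "notes.pdf").write_bytes(b"%PDF-1.4 " + b"plain text " * 400)
    (tmp / "readme.txt.locky").write_bytes(b"ascii only " * 300)   # renamed, but low entropy
    return scan_tree(tmp)


if __name__ == "__main__":
    for label, names in demo().items():
        print(label, sorted(names))
```

Point `scan_tree` at a user profile or file share to get a quick inventory of affected files before restoring from backup; the entropy threshold is a heuristic, so review the 'suspicious-extension' group by hand.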
Finding the Power of Ridding Yourself of a Trojan Fusion
Purely PowerShell script-based Trojans are relatively rare in comparison to more conventional threats, but the PowerLocky Ransomware still carries all of the risks that attend any file encryptor's attacks. The PowerLocky Ransomware can cause potentially permanent damage to a broad array of data types, although malware experts saw no sign of this threat targeting OS components. PC users keeping backups on non-local drives or servers can restore their encrypted content from those backups, whereas less-prepared users will need to rely on free decryption tools.
Although PowerShell scripts do have a limited degree of compatibility with non-Microsoft operating systems, the PowerLocky Ransomware's script commands are most compatible with Windows machines. Current detection rates for the PowerLocky Ransomware are over fifty percent, most likely owing to this threat's recycling of old malware code. Past attacks by the PowerLocky Ransomware's relatives often used e-mail infection mechanisms, such as PDF attachments. These attachments must be opened by their victims to run, and they often exploit vulnerabilities that are resolvable via official patches.
Although it's not difficult to see why unprepared PC owners would pay a questionable ransom instead of uninstalling the PowerLocky Ransomware immediately, paying offers no guarantee of data decryption. As such, with high failure rates on such transactions seen every week, malware experts tend to recommend any attempted solution other than paying the PowerLocky Ransomware's authors for breaking the law.