Power Worm Ransomware
Posted: November 11, 2015
| Metric | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 99 |
| First Seen | November 11, 2015 |
| OS(es) Affected | Windows |
The Power Worm Ransomware is a PowerShell script Trojan that encrypts your files in an attempt to ransom them for money. However, the Power Worm Ransomware's ransom message delivers inaccurate information about its features, and its file encryption attack is currently bugged, making your files undecryptable. The state of this threat only lends additional credence to the standard advice of malware experts when dealing with file encryptors, which is to use anti-malware products for their removal and remote backups to save your files.
The Power Worm Ransomware: A Trojan Coded for Powerlessness
Threatening software may exploit PowerShell, a default Windows app, for purposes ranging from ease of use to protecting themselves from anti-malware detections. However, despite the simplicity of PowerShell threats like CoreBot and Poweliks, threat developers still have room for potentially severe coding errors. The Power Worm Ransomware is one of the most obvious examples of what happens when a poorly-coded Trojan botches its payload: the intended 'ransom' process may take your money, but is incapable of restoring your files.
The Power Worm Ransomware scans for files on your hard drive and encrypts the ones of particularly popular or important types, such as JPG, TXT, DOC, ZIP and MP3. After being encrypted, a file can no longer be opened or read. The Power Worm Ransomware also deletes local backup information that Windows could use to restore your files. However, the Power Worm Ransomware's encryption routine includes a typo in its string conversion that causes the Trojan to use a randomized key that it fails to save. Based on other areas of its code, malware researchers estimate that the Power Worm Ransomware originally was meant to use a single, preset key for all victims, despite its ransom instructions claiming that its attacks are personalized.
As a result of its flaw (deriving from a simple, missing equals sign in its code), the Power Worm Ransomware is unable to reverse its attacks and its administrator has no means of restoring your files in exchange for your ransom money.
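The behaviors described above (symmetric encryption, a sweep over popular file types, and removal of local backups) can be triaged in logged PowerShell script text. The following is an added example, not code from the original page or from the Trojan: it assumes script text is available, for instance from PowerShell script block logging, and every pattern and sample string is a generic, constructed indicator rather than a string recovered from Power Worm.

```python
import re

# Behaviour classes from the description above. The patterns are common
# Windows/.NET names chosen for this example, not strings taken from the
# Power Worm script itself.
BEHAVIOURS = {
    "crypto_api": re.compile(
        r"System\.Security\.Cryptography|RijndaelManaged|AesManaged|CreateEncryptor", re.I),
    "bulk_file_walk": re.compile(
        r"(Get-ChildItem|\bgci\b|\bdir\b|\bls\b)[^|;\n]*-Recurse", re.I),
    "backup_removal": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|Win32_ShadowCopy|wbadmin(\.exe)?\s+delete", re.I),
}
# File types the page lists as targets.
TARGET_EXT = re.compile(r"\*?\.(jpg|txt|doc|zip|mp3)\b", re.I)

# Constructed script-block fragments (not real samples, not runnable payloads).
SAMPLES = {
    "backup_job": "Get-ChildItem D:\\Share -Recurse | Compress-Archive -DestinationPath E:\\nightly.zip",
    "legit_crypto": "$aes = New-Object System.Security.Cryptography.AesManaged; $aes.GenerateKey()",
    "encryptor_like": "$f = gci C:\\Users -Recurse -Include *.jpg,*.txt,*.doc,*.zip,*.mp3; "
                      "$e = (New-Object System.Security.Cryptography.RijndaelManaged).CreateEncryptor(); "
                      "vssadmin delete shadows",
}


def triage(script_text):
    """Return (verdict, findings) for one logged PowerShell script block."""
    findings = sorted(n for n, rx in BEHAVIOURS.items() if rx.search(script_text))
    exts = sorted({m.group(1).lower() for m in TARGET_EXT.finditer(script_text)})
    if len(exts) >= 3:
        findings.append("targets:" + ",".join(exts))
    # Encryption together with backup removal is the destructive pairing.
    if "crypto_api" in findings and "backup_removal" in findings:
        return "alert", findings
    # Encryption over a recursive walk or many document types needs a human look.
    if "crypto_api" in findings and ("bulk_file_walk" in findings or len(exts) >= 3):
        return "review", findings
    return "ignore", findings


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *triage(text))
```

Requiring the crypto indicator before raising any verdict keeps ordinary backup jobs and one-off key generation out of the alert queue.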
Following Up on a Less than Honest Ransom
The Power Worm Ransomware's ransom note is almost identical to a previous one circulated by the CryptoWall Ransomware, albeit with an additional time duration-based warning. Both this warning and the claims of using personalized encryption attacks that are reversible through paying the Power Worm Ransomware's fee are inaccurate, and show how little victims of threat attacks should trust their aggressors. As per usual file recovery recommendations, malware researchers advise maintaining non-local backups in cloud servers or peripheral devices that can restore data lost from a Power Worm Ransomware attack.
The Power Worm Ransomware is a simple script file, and most anti-malware products of good reputation should be able to remove the Power Worm Ransomware with no issues. These PC threats may be distributed by more than one method, popularly including spam e-mail attachments and corrupted advertising scripts. In almost all cases, using good browser security, scanning downloads and blocking unwanted Web content can help block file encryptors like the Power Worm Ransomware before they can get to your files.