
Power Worm Ransomware

Posted: November 11, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 99
First Seen: November 11, 2015
OS(es) Affected: Windows

The Power Worm Ransomware is a PowerShell script Trojan that encrypts your files in an attempt to ransom them for money. However, the Power Worm Ransomware's ransom message delivers inaccurate information about its features, and its file encryption attack is currently bugged, making your files undecryptable. The state of this threat only lends additional credence to the standard advice of malware experts when dealing with file encryptors, which is to use anti-malware products for their removal and remote backups to save your files.

The Power Worm Ransomware: A Trojan Coded for Powerlessness

Threatening software may exploit PowerShell, a default Windows app, for purposes ranging from ease of use to protecting itself from anti-malware detections. However, despite the simplicity of PowerShell threats like CoreBot and Poweliks, threat developers still have room for potentially severe coding errors. The Power Worm Ransomware is one of the most obvious examples of what happens when a poorly coded Trojan botches its payload: the intended 'ransom' process may take your money, but is incapable of restoring your files.

The Power Worm Ransomware scans for files on your hard drive and encrypts the ones of particularly popular or important types, such as JPG, TXT, DOC, ZIP and MP3. After being encrypted, a file can no longer be opened or read. The Power Worm Ransomware also deletes local backup information that Windows could use to restore your files. However, the Power Worm Ransomware's encryption routine includes a typo in its string conversion that causes the Trojan to use a randomized key that it fails to save. Based on other areas of its code, malware researchers estimate that the Power Worm Ransomware originally was meant to use a single, preset key for all victims, despite its ransom instructions claiming that its attacks are personalized.

As a result of its flaw (deriving from a simple, missing equals sign in its code), the Power Worm Ransomware is unable to reverse its attacks and its administrator has no means of restoring your files in exchange for your ransom money.
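The flaw described above can be checked for during triage of a recovered script. The following is an added example, not code from the original page or from the Trojan. It assumes, which this page does not state, that the 'string conversion' is a Base64 decode of an AES key and that the missing equals sign is Base64 padding. The names `triage_key` and `scan_script` and all sample strings are constructed for illustration.

```python
import base64
import binascii
import re

AES_KEY_SIZES = (16, 24, 32)  # valid AES key lengths in bytes (assumed cipher)
# Quoted runs of Base64 alphabet long enough to hold a 16-byte key or more.
CANDIDATE_RE = re.compile(r"""["']([A-Za-z0-9+/]{20,}={0,2})["']""")


def strict_decode(text):
    """Return decoded bytes, or None if the string is not valid padded Base64."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def triage_key(candidate):
    """Classify one embedded key string taken from a script sample."""
    raw = strict_decode(candidate)
    if raw is not None and len(raw) in AES_KEY_SIZES:
        return {"status": "usable", "key_len": len(raw), "missing": ""}
    # Strict decoding failed: check whether only the '=' padding is missing.
    for pad in ("=", "=="):
        fixed = strict_decode(candidate + pad)
        if fixed is not None and len(fixed) in AES_KEY_SIZES:
            return {"status": "broken-padding", "key_len": len(fixed), "missing": pad}
    return {"status": "not-a-key", "key_len": None, "missing": ""}


def scan_script(script_text):
    """Triage every quoted Base64-looking constant found in a script's text."""
    return [(m.group(1), triage_key(m.group(1)))
            for m in CANDIDATE_RE.finditer(script_text)]


# Constructed sample input (not taken from any real sample).
GOOD_KEY = base64.b64encode(bytes(range(32))).decode()  # 44 chars, ends in '='
BROKEN_KEY = GOOD_KEY[:-1]                               # same key, one '=' dropped
SAMPLE = f'$a = "{GOOD_KEY}"\n$b = "{BROKEN_KEY}"\n$c = "not a key"\n'

if __name__ == "__main__":
    for text, verdict in scan_script(SAMPLE):
        print(text, verdict)
```

A `broken-padding` verdict identifies the flawed build: the repaired constant shows what the author intended, but files from that run were encrypted with the random, unsaved key, so recovery has to come from backups.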

Following Up on a Less than Honest Ransom

The Power Worm Ransomware's ransom note is almost identical to a previous one circulated by the CryptoWall Ransomware, albeit with an additional time duration-based warning. Both this warning and the claims of using personalized encryption attacks that are reversible through paying the Power Worm Ransomware's fee are inaccurate, and show how little victims of threat attacks should trust their aggressors. As per usual file recovery recommendations, malware researchers advise maintaining non-local backups in cloud servers or peripheral devices that can restore data lost from a Power Worm Ransomware attack.

The Power Worm Ransomware is a simple script file, and most anti-malware products of good reputation should be able to remove the Power Worm Ransomware with no issues. These PC threats may be distributed by more than one method, popularly including spam e-mail attachments and corrupted advertising scripts. In almost all cases, using good browser security, scanning downloads and blocking unwanted Web content can help block file encryptors like the Power Worm Ransomware before they can get to your files.
