PureLocker Ransomware

Posted: November 13, 2019

The PureLocker Ransomware is a file-locking Trojan that's written in PureBasic and contains noteworthy anti-analysis and obfuscation features. Its attacks are currently compromising enterprise-grade servers via various exploits and blocking data files for ransoms. Appropriate backup strategies will reduce the harm that an outbreak can cause, and users can update their anti-malware solutions regularly to remove the PureLocker Ransomware as soon as possible.

The Purest Problem a Business's Servers can Confront

A new family of Ransomware-as-a-Service Trojans is rising to compete with the likes of the Scarab Ransomware, the Asia-ravaging STOP Ransomware, and the occasionally anti-virus-mimicking Dharma Ransomware families. The PureLocker Ransomware is, however, leveraging some technically impressive features and code design to make itself a potential asset to criminals who are looking to upgrade from past RaaS offerings. While it holds the usual encryption-related dangers, the PureLocker Ransomware also has many advantages hitherto unseen in many similar programs.

The PureLocker Ransomware's primary benefit is its use of the PureBasic programming language instead of a more traditional option, like C++ or Python. This language gives the PureLocker Ransomware the potential for porting to Windows, Linux, and Mac OS X equally easily, although malware analysts can't confirm the latter in current samples. The PureLocker Ransomware also holds significant obfuscation qualities, such as a SpicyOmelette loading component, fake, music-themed code, and self-termination functionality in analysis environments.

The above characteristics give the PureLocker Ransomware a broad pool of potential victims and have also given it cover for avoiding detection for several months in 2019. The elements of its final payload are, however, more in keeping with those of a typical RaaS. It uses what malware experts describe as traditional AES and RSA encryption for locking media, and drops a TXT ransom note with the threat actor's e-mail address after the fact. Current data suggests that the ransom is in cryptocurrency, such as Bitcoin, although the amount is unknown.

Attending to Cryptographic Impurities in Your File Data

While any criminal could hire a Ransomware-as-a-Service like the PureLocker Ransomware and circulate it with the exploits of their preference, current attacks are using manually targeted methods. Hackers may brute-force a server with weak credentials, scan for vulnerabilities related to outdated software or port settings, or use RDP (if it's open to the internet). In these cases, they can run the PureLocker Ransomware, lock content, and remove the evidence of the infection vector while holding the server's data files hostage.
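For defenders, the brute-force and exposed-RDP entry points described above leave a recognizable pattern in Windows logon records: a burst of failed remote logons (event 4625) from one source, followed by a success (event 4624). The sketch below is an added example, not part of the original article; the one-line-per-event log format, the sample records, and the threshold and window values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from a real incident): time, Windows Security
# event ID, logon type, source address. 4625 = failed logon, 4624 = successful
# logon; type 10 = RemoteInteractive (RDP), type 3 = Network (RDP with NLA).
SAMPLE_EVENTS = """\
2019-11-01T02:10:01 4625 3 203.0.113.7
2019-11-01T02:10:05 4625 3 203.0.113.7
2019-11-01T02:10:09 4625 3 203.0.113.7
2019-11-01T02:10:14 4625 3 203.0.113.7
2019-11-01T02:10:18 4625 3 203.0.113.7
2019-11-01T02:10:23 4625 3 203.0.113.7
2019-11-01T02:11:00 4624 10 203.0.113.7
2019-11-01T08:59:40 4625 10 198.51.100.20
2019-11-01T09:00:02 4624 10 198.51.100.20
2019-11-01T09:30:00 4624 2 198.51.100.20
"""
REMOTE_LOGON_TYPES = {3, 10}

def parse(text):
    """Yield (time, event_id, logon_type, source) from the assumed line format."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, logon_type, src = line.split()
            yield datetime.fromisoformat(ts), int(event_id), int(logon_type), src

def find_bruteforce_successes(text, threshold=5, window=timedelta(minutes=10)):
    """Return (source, success_time, failure_count) for every successful remote
    logon preceded by at least `threshold` failures from the same source
    inside `window`. Both defaults are illustrative, not tuned values."""
    failures = defaultdict(deque)
    alerts = []
    for ts, event_id, logon_type, src in sorted(parse(text)):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # ignore console and service logons
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == 4625:
            recent.append(ts)
        elif event_id == 4624 and len(recent) >= threshold:
            alerts.append((src, ts, len(recent)))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for src, ts, count in find_bruteforce_successes(SAMPLE_EVENTS):
        print(f"{ts.isoformat()} {src}: logon succeeded after {count} failures")
```

A hit from this check marks the account and source address to review before any file-locking payload runs; the single mistyped password from 198.51.100.20 in the sample stays below the threshold.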

As expressed previously, the PureLocker Ransomware is compatible with most OSes, unlike many file-locking Trojans that target only one of OS X, Windows, Linux, Android, etc. Network and server administrators should mind their best practices for security. All workers should also pay attention to the e-mail-related content that they open, such as attached invoices, which can harbor exploits that drop Trojans like the PureLocker Ransomware.

Because of its stealth features, malware experts urge updating all anti-malware services, especially so that they can delete the PureLocker Ransomware accurately and as soon as possible.

The PureLocker Ransomware's business is putting its best foot forward for any criminals who have a mind for snaring victims without leaving their tools open to analysis. Whether it's a unique situation or a long-term family such as the Dharma Ransomware, the world will have to wait and see.