
PwndLocker Ransomware

Posted: March 3, 2020

The PwndLocker Ransomware is an independent file-locking Trojan. In addition to using encryption for keeping media from opening on your computer, it can disable other programs and delete Windows backups. Users should have reliable security protocols and backup schedules for counteracting attacks, and anti-malware applications for deleting the PwndLocker Ransomware properly.

Pwning Networks for Making Hundreds of Thousands

NGOs, governments, and even multinational corporations are hardly immune to the same file-locker Trojan attacks that random users fall for every day online. While the means of infiltration usually differ from those of smaller-scale assaults, the payloads are relatively consistent in wielding encryption as a blunt instrument of data sabotage. The PwndLocker Ransomware is an exceptionally pricey display of this illegal business model at work, even against the highest-end targets.

The PwndLocker Ransomware targets Windows systems and encrypts a majority of file formats, excepting some essential ones, according to their extensions and folders. After encrypting the content, it may add a different extension to the files' names, such as 'key' or 'pwned,' but doesn't erase the preexisting one ('for-example.bmp.key'). Malware analysts also confirm that the PwndLocker Ransomware first closes multiple applications automatically, including security software, server backup tools, and general-purpose applications like Web browsers and Microsoft Office products.
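A triage check for the renaming pattern described above, as an added example that is not part of the original article: it flags files that keep a preexisting data extension followed by 'key' or 'pwned', so legitimate single-extension files such as a certificate's server.key are not counted. The list of original extensions, the per-folder threshold, and the sample paths are assumptions constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Extensions the article names as appended to encrypted files.
APPENDED = {".key", ".pwned"}
# Assumption: a short list of data extensions treated as the "preexisting" one.
ORIGINAL = {".bmp", ".jpg", ".png", ".doc", ".docx", ".xls", ".xlsx",
            ".pdf", ".txt", ".sql", ".zip"}

def is_suspect(path):
    """True when the name is <original ext><appended ext>, e.g. 'for-example.bmp.key'."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in APPENDED
            and suffixes[-2] in ORIGINAL)

def triage(paths, threshold=3):
    """Return {folder: count} for folders holding at least `threshold` suspect files."""
    counts = Counter(str(PureWindowsPath(p).parent) for p in paths if is_suspect(p))
    return {folder: n for folder, n in counts.items() if n >= threshold}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Share\Finance\q1.xlsx.key",
    r"C:\Share\Finance\q2.xlsx.key",
    r"C:\Share\Finance\invoice.pdf.key",
    r"C:\Share\Finance\notes.txt",                  # untouched file
    r"C:\Certs\server.key",                         # legitimate single extension
    r"C:\Users\ana\Pictures\for-example.bmp.key",
    r"C:\Share\HR\roster.docx.pwned",
]

if __name__ == "__main__":
    for folder, n in sorted(triage(SAMPLE, threshold=1).items()):
        print(f"{n:3d} suspect file(s) in {folder}")
```

A single hit can be a coincidence; many hits concentrated in one share within a short window is the signal worth escalating.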

The PwndLocker Ransomware monetizes the encryption attack through an English text message, although it contains several spelling errors. It redirects victims to a TOR site with in-depth ransoming details, including a two-file demonstration of the decryptor and semi-live support. The cost of the PwndLocker Ransomware's ransom sets it well above those of similar Trojans like the STOP Ransomware or the Globe Ransomware: this Trojan asks for a minimum of six-digit fees, up to over half a million dollars, varying with the infected network's size.

Expressing 'Pwnership' Over Your Network's Contents

As one may anticipate from such an expensive campaign, the PwndLocker Ransomware doesn't let users recover through the Restore Points and deletes that data during its attack. Although malware experts can't yet analyze the PwndLocker Ransomware's encryption method for weaknesses, it's not likely that the threat actors are leaving any notable vulnerabilities in it. Inaccessible, sufficiently secured backups are the most likely path victims have for recovering any encrypted media without taking the incredibly costly risk of the ransom.

The PwndLocker Ransomware's infection vectors are unidentified at this time, but there are notable victims in Illinois, USA, and the nation of Serbia. The expected pathways for the Trojan's distribution include:

  • Attackers may compromise networks with weak passwords. Strings that are short, widely in use, or have noted associations with factory defaults will provide inadequate protection from dictionary brute-force attacks and similar 'login guessing' intrusions.
  • Networks with outdated server software also are at risk from software vulnerability-based attacks. In most cases, these issues are fixable by users installing the available patches.
  • Workers also may be victims of targeted phishing attempts, which can use e-mails with sophisticated and workplace-specific contents. Attachments with documents or spreadsheets containing macros are particularly notable risks.

While it's one of the most expensive of file-locking Trojans, the PwndLocker Ransomware's features don't appear to include noteworthy identity obfuscation. Any machine with conventional anti-malware protection should remove the PwndLocker Ransomware and prevent infection automatically.

Like currency inflation, ransoms are climbing higher with some file-locker Trojans, reminding the world that even illicit businesses still are businesses. One can choose a means of protecting one's files or leaving them open to exploitation, with the PwndLocker Ransomware's admins, among others, happy to take advantage of the latter circumstance.
