Buggy ransomware locks up your data, then throws away the encryption key

Graham CLULEY

November 10, 2015


Normally, when security researchers find a bug in a piece of malware, the last thing they want to do is tell the malicious code’s creator about it.

After all, don’t bugs in bad software have to be a good thing? Well, that’s not necessarily the case.

Take, for instance, the Power Worm ransomware.

Normally ransomware encrypts your files, displays a ransom demand (which could cost you in the region of $1000, typically payable in the form of Bitcoins), and makes your data inaccessible until you pay up. Only the bad guys hold the key to decrypt your files – which means that your only options may be to pay the ransom or hope that you have a secure backup.

But, as Bleeping Computer reports, the Power Worm ransomware has one serious bug.

[Image: Power Worm screenshot. Source: Bleeping Computer]

The author of this new variant of Power Worm – so named because it is written in Windows PowerShell – wanted to use the same decryption key for each infected PC. From their point of view, I imagine it made some sense to take that shortcut – if everyone had the same decryption key, they could skip having to create a complicated payment site for victims and generate a unique decryptor for each “customer”.

But a goof in the Power Worm code means that a random key was used to encrypt each and every victim’s data. No record is kept of that random key, so recovery of the encrypted data is impossible.

Yes, I know it’s disappointing to find that malware can be just as buggy as legitimate software, and that the online criminals aren’t doing proper testing of their products before release.

But that’s why Bleeping Computer has taken the unusual step of telling the ransomware author how to fix the bug in their code:

At BleepingComputer we never disclose bugs in a ransomware infection as that will just alert the developer and cause them to fix the weakness. In this particular case, though, we are going to tell the developer how to fix his mistake so that he doesn’t continue to destroy his victim’s data going forward. In our opinion, if a person becomes infected, we would rather they have a fighting chance of recovering their files rather than no chance at all.

FBI agent Joseph Bonavolonta courted controversy last month when he told companies that in some cases ransomware was so competently written that the best choice may be to give in to the extortionists’ demands:

“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

Personally, although I understand the difficult situations businesses and home users might find themselves in and the tough decisions they may need to make, I’m not a fan of filling the bank accounts of criminals.

I guess we can thank the authors of Power Worm that they have thrown away their encryption key through a programming error – making that usually tricky decision of whether to pay or not easy for its victims. There is simply no point paying the criminals if you have been hit by Power Worm: unless you made a backup, your data is gone.

Don’t play Russian Roulette with your data and precious files. Ensure that you have a rigorous backup regime that will mean, even if you are unfortunate enough to suffer a damaging attack, you will always be able to restore your system from a backup.
