Buggy ransomware locks up your data, then throws away the encryption key
Normally when security researchers find a bug in a piece of malware the last thing they want to do is tell the malicious code’s creator about it.
After all, don’t bugs in bad software have to be a good thing? Well, that’s not necessarily the case.
Take, for instance, the Power Worm ransomware.
Normally ransomware encrypts your files, displays a ransom demand (which could cost you in the region of $1000, typically payable in the form of Bitcoins), and makes your data inaccessible until you pay up. Only the bad guys hold the key to decrypt your files – which means that your only options may be to pay the ransom or hope that you have a secure backup.
But, as Bleeping Computer reports, the Power Worm ransomware has one serious bug.
Source: Bleeping Computer
The author of this new variant of Power Worm – so named because it is written in Windows PowerShell – wanted to use the same decryption key for each infected PC. From their point of view, I imagine it made some sense to take that shortcut – if everyone had the same decryption key, they could skip having to create a complicated payment site for victims and generate a unique decryptor for each “customer”.
But a goof in the Power Worm code means that a random key was used to encrypt each and every victim’s data. No record is kept of that random key, so recovery of the encrypted data is impossible.
Yes, I know it’s disappointing to find that malware can be just as buggy as legitimate software, and that the online criminals aren’t doing proper testing of their products before release.
But that’s why Bleeping Computer has taken the unusual step of telling the ransomware author how to fix the bug in their code:
At BleepingComputer we never disclose bugs in a ransomware infection as that will just alert the developer and cause them to fix the weakness. In this particular case, though, we are going to tell the developer how to fix his mistake so that he doesn’t continue to destroy his victim’s data going forward. In our opinion, if a person becomes infected, we would rather they have a fighting chance of recovering their files rather than no chance at all.
FBI agent Joseph Bonavolonta courted controversy last month when he told companies that in some cases ransomware was so competently written that the best choice may be to give in to the extortionists’ demands:
“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Personally, although I understand the difficult situations businesses and home users might find themselves in and the tough decisions they may need to make, I’m not a fan of filling the bank accounts of criminals.
I guess we can thank the authors of Power Worm that they have thrown away their encryption key through a programming error, making that usually tricky decision of whether to pay or not easy for its victims. There is simply no point paying the criminals if you have been hit by Power Worm: unless you made a backup, your data is gone.
Don’t play Russian Roulette with your data and precious files. Ensure that you have a rigorous backup regime that will mean, even if you are unfortunate enough to suffer a damaging attack, you will always be able to restore your system from a backup.