01-13-2014 02:12 PM
Net bandits have been flocking to ransomware because it is proving an easy way to make a quick buck. You infect someone's computer, encrypt all their files, and demand a ransom to decrypt them. Ransomware is becoming more popular due to new capabilities -- e.g., the ability to detect virtual machines and alter its behavior, the ability to detect sandboxes, and the use of Bitcoins for anonymous payments.
Up to now, the malware program CryptoLocker has been king of the ransomware roost, but PowerLocker (formerly PrisonLocker) may present a new challenge.
"It has some interesting countermeasures to thwart researchers," Harry Sverdlove, CTO of Bit9, told TechNewsWorld.
Among those countermeasures is the ability to determine if it's running on a virtual machine -- and if so, to alter its behavior. Researchers will run questionable programs on virtual systems to avoid infecting a networked box.
"We don't know what that behavior would be, but presumably it would be to act benign," Sverdlove said.
PowerLocker also has sandbox detection. Software sandboxes are used to isolate an app's behavior and prevent it from spreading any nastiness it may contain.
One way to thwart ransomware is to maintain a good backup regimen, so if one data set gets involuntarily encrypted, a backup set can be used to restore it. PowerLocker's authors appear to have thought of that angle, too.
"It can scan removable devices, looking for potential backups or other tertiary files so it can encrypt those as well," Sverdlove said.
"The authors have taken some of the lessons learned from CryptoLocker and improved upon it," he added. "It's the next-generation CryptoLocker."
Ransomware has been around for some time, but its recent rise in popularity may be linked to better means for collecting unjust rewards.
"What makes ransomware more popular now is the anonymity by which you can make and receive payments," Sverdlove said.
One of those ways is through the digital currency Bitcoin, which "allows people to get money anonymously," said Greg Foss, a senior security research engineer with LogRhythm.
"That's part of why the CryptoLocker campaign has been so successful," he told TechNewsWorld.