PwndLocker Ransomware Aims Big With High Ransom Demands

Considering the growing money-making potential of ransomware, more and more criminals are stepping into the niche. Recently, another ransomware strain has surfaced and is active in the wild. Dubbed PwndLocker, it targets businesses and cities and demands high ransoms.

About PwndLocker Ransomware

Researchers from MalwareHunterTeam have analyzed new ransomware that demands big ransoms. Identified as PwndLocker, the ransomware targets Windows systems and stops various services to encrypt data.

The services it targets include Microsoft SQL Server, MySQL, Veeam, Exchange, Zoolz, Acronis, Oracle, Backup Exec, and Internet Information Server (IIS). It also targets some security programs, such as Kaspersky, Malwarebytes, Sophos, and McAfee.

After infecting a target system, it begins encrypting data files, renaming them with a .key or .pwnd extension. The encryption is selective, however: the malware skips certain system and executable files, as well as files in certain folders.

The ransomware deletes shadow volume copies to prevent potential recovery of data. Vitali Kremez has quickly shared his analysis in a tweet.

Once complete, the ransomware places a ransom note file named “H0w_T0_Rec0very_Files.txt” throughout the system and on the desktop. This note includes instructions for obtaining the decryption key.
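The file-system traces described above (the .key and .pwnd extensions and the ransom note name) can be checked for during triage of a file share. The following Python script is an added example, not code from the article or the researchers; the function names, confidence labels, and sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article; matching is case-insensitive.
NOTE_NAME = "h0w_t0_rec0very_files.txt"
RENAMED_EXTS = (".key", ".pwnd")

def triage(root):
    """Return {directory: {"note": bool, "renamed": [files], "confidence": str}}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        note = any(f.lower() == NOTE_NAME for f in files)
        renamed = sorted(f for f in files if f.lower().endswith(RENAMED_EXTS))
        if not note and not renamed:
            continue
        # .key is also a legitimate extension (private keys, Keynote files),
        # so an extension hit alone is weak; a note beside renamed files is strong.
        if note and renamed:
            confidence = "high"
        elif note or any(f.lower().endswith(".pwnd") for f in renamed):
            confidence = "medium"
        else:
            confidence = "low"
        report[os.path.relpath(dirpath, root)] = {
            "note": note, "renamed": renamed, "confidence": confidence}
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files laid out like a partly hit share."""
    layout = {
        "finance": ["report.pwnd", "ledger.key", "H0w_T0_Rec0very_Files.txt"],
        "certs": ["server.key", "server.crt"],
        "docs": ["readme.txt"],
        "Desktop": ["H0w_T0_Rec0very_Files.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, finding in sorted(triage(tmp).items()):
            print(folder, finding)
```

Directories rated "low" contain only .key files, which are common on healthy systems, so they need a second signal before being treated as affected.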

What’s peculiar about PwndLocker is its variable ransom demand, which depends on what the target can afford. As mentioned in the ransom note:

The price depends on the network size, number of employees and annual revenue.

Active Attacks Reported Recently

PwndLocker attracted researchers' attention after it became active in the wild. While the ransomware has been around since 2019, it recently came into the limelight after repeated attacks on US cities. A few days earlier, it targeted Lasalle County in Illinois and demanded 50 BTC in ransom. According to reports, however, officials are refusing to pay the ransom.

Likewise, it has also recently targeted the City of Novi Sad in Serbia.

Currently, the ransomware's encryption remains uncracked, so businesses and cities must apply proactive security measures to prevent an attack.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]