Prisonlocker: A More Vicious Variant of Cryptolocker

Just when you thought it was safe to go back into cyberspace: Prisonlocker and new Cryptolocker variations are defeated with RollBack Rx

Internet blogs are abuzz with rumors of a new ransomware trojan-creation utility currently being developed by hackers. This new do-it-yourself ransomware is called Prisonlocker (or PowerLocker) and is expected to be even nastier than Cryptolocker. According to these internet forums, hacker wannabes can create their own customizable version of Prisonlocker using this malware toolkit, which is expected to cost $100. So if CryptoLocker monetized malware infections, Prisonlocker takes the next logical step in the democratization of this malware-based extortion: it creates an affiliate marketing program along with OEM customization for hacker wannabes. Cyberspace is getting scarier by the minute!

What’s Ransomware and Why You Should Care

Ransomware is a computer infection that attempts to extort money from the victim. Earlier viruses and malware were usually just put together by programmers to demonstrate their abilities. While this malware may have spread quickly, it didn’t do much harm to the host machines. Today, hackers are increasingly using these infections as an opportunity to make a quick profit. In fact, cyber thieves are making millions with CryptoLocker, which is the most virulent and destructive incarnation of this new breed of ransomware.

For those unfamiliar with CryptoLocker, here’s a quick recap: this malware surfaced in early September 2013 and locks files stored on the host computer by encrypting them using 2048-bit AES and RSA encryption, which is effectively uncrackable; it would take a supercomputer a few thousand years to run through the various combinations to decrypt those files. A message screen appears soon after the infection and demands payment of about $300 in BitCoins or MoneyPak vouchers to recover these files. Once files are encrypted, the victim’s best chance of recovering them is to pay the ransom.

CryptoLocker: Reloaded

They’re back! This do-it-yourself ransomware kit would allow black market criminals to extort money by spreading their own customized version of Prisonlocker. The Hack Forum (where the criminal minds had their discussion) detailed how Prisonlocker, their new Frankenstein creation, will be worse than Cryptolocker:

It will prevent victims from taking actions that would remove the malware by disabling Windows functions such as Task Manager, the command prompt, the registry editor, msconfig.exe, and Windows Explorer, as well as by detecting and disabling removal utilities. All of this should make it more difficult to detect and block the ransomware.

It will demand payments using BitCoin e-voucher, uKash, or PaySafe (none of which generate transaction trails) and will allow the cybercriminals to specify the ransom price. Failure to pay will mean the loss of all your precious data: personal vacation photos, financial documents, work-related materials, contacts, et cetera.

Other recent developments in the CryptoLocker code also include turning its Trojan core into a worm so that it searches for flash drives and mapped or connected network drives and infects them too.

So What Should You Do?

Here are a few recommendations on what you can do to minimize your risks of an infection:

Users should avoid opening email attachments. Know the extensions of the files you double-click on. Be especially careful about opening Zip or EXE files. Many malware attachments come disguised as other types of files but have multiple extensions.

Avoid plugging questionable USB drives into your computer. If you find a strange flash drive, it’s not a good idea to plug it into your computer to see what may be on it.

Create backups regularly. The main reason most folks don’t back up regularly is that it takes a long time to create these backups and to restore from them. This is where Horizon DataSys’ RollBack Rx comes in, which I’ll cover in a minute.
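The advice above about attachments that hide behind multiple extensions can be checked automatically, for example in a mail-gateway or help-desk triage script. The following is an added example, not part of the original article; the extension lists and the function name `attachment_findings` are assumptions chosen for illustration, and the sample filenames are constructed.

```python
import unicodedata

# Extensions Windows will execute or hand to a script host (constructed, non-exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "lnk", "jar"}
# Extensions a user expects to be harmless documents, media or archives.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}
# Unicode bidi controls that can visually reverse part of a displayed filename.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def attachment_findings(filename):
    """Return the reasons an attachment name looks disguised (empty list = none)."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in filename):
        findings.append("bidi-control")
        filename = "".join(ch for ch in filename if ch not in BIDI_CONTROLS)
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    # NFKC folds look-alike characters such as a full-width full stop to ".".
    name = unicodedata.normalize("NFKC", filename).rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return findings  # no extension at all
    final, earlier = parts[-1], parts[1:-1]
    if final in EXECUTABLE_EXTS:
        findings.append("executable")
        # A document-like extension before the real one is the classic disguise.
        if any(ext in DECOY_EXTS for ext in earlier):
            findings.append("double-extension")
        # Runs of spaces push the real extension out of view in narrow columns.
        if "   " in filename:
            findings.append("padded-name")
    return findings


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real campaign.
    samples = [
        "invoice.pdf.exe",
        "photo.jpg      .exe",
        "invoice\u202efdp.exe",   # renders with the extension reversed
        "report.v2.pdf",
        "statement.pdf.exe. ",
    ]
    for sample in samples:
        print(repr(sample), "->", attachment_findings(sample) or "no findings")
```

A name that returns any finding is a candidate for quarantine or for a closer look before anyone double-clicks it; an empty list says nothing about the file's contents.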

The Cryptolocker Trojan and now Prisonlocker completely bypass most virus protection software. You are not safe from these infections if your front line of defense is an anti-virus program. Virus removal entails patching or updating existing definitions and quarantining the malware. Once an infection has taken place, many malware programs attempt to shut down the anti-virus program or stop it from starting up. But since the malware removal utility has been bypassed, there’s simply nothing it can do to prevent the damage the ransomware now wreaks. Virus scanners have been successful in removing Cryptolocker and Prisonlocker, but they haven’t been able to recover the encrypted files.

RollBack Rx Is The #1 Recommended CryptoLocker Removal Utility

Internet security experts agree that the best recommendation to completely remove Prisonlocker even after your computer has been infected is to take the proactive step of installing RollBack Rx. RollBack Rx has been proven to remove all traces of an infection and to recover encrypted files. But you must have RollBack Rx installed in advance for it to work. Horizon DataSys’ RollBack Rx is the only solution that’s guaranteed to keep your system safe and protected from Cryptolocker, Prisonlocker, and other such serious malware.