Ransomware which identifies as a different type of Bitcoin ransomware is not something we see every day. Scare and intimidation tactics are not uncommon in the world of malware and malicious tools, though. Powerware, a new ransomware recently discovered seems to take on the appearance of Locky. The goal is rather simple: scare victims into paying the Bitcoin ransom. PowerWare Is PiggyBacking in An Odd Way
As if ransomware is not a big enough threat, things get even more interesting when one malware tries to be something else. The latest variant of the PowerWare ransomware is riding on the Locky coattails, as the developers hope to increase their revenue by employing this tactic.
What this new version of PowerWare does is use the same file extension to encrypt data as if Locky would be involved. Moreover, the same ransom note is being used, and the help instructions are a clear copy of the Locky message.An interesting tactic for sure, although it remains to be seen how successful this approach will be.
It has to be said; PowerWare is one of the less powerful types of ransomware in the wild today. With static hard-coded encryption keys and its “weaker” psychological approach, PowerWare has not been a significant source of revenue so far. Mimicking a more powerful and evolved version of malware puts a different spin on things for sure.
To be more precise, it is possible to decrypt PowerWare with a very simple Python script . Security researchers of Unit 42 put together this script quite some time ago, which lets users restore file access without paying a dime. It is not the first time ransomware can be decrypted with relative ease, so PowerWare is not the exception in this regard.
What is even more surprising is how PowerWare has been attempting to […]
