Variant of Power Worm locks away data of victims indefinitely
Security experts say that coding errors in a malicious program that encrypts data mean that anyone hit by the Power Worm virus won't be able to recover their files.
But there is one variant of Power Worm that destroys the keys that could help recover lost data. This new development comes as hackers produce ransomware that targets websites and encrypts data sitting on servers.
Power Worm infects Microsoft Word and Excel files, but the most recent update goes after more types of data files it discovers on a victim's machine. Nathan Scott, a malware researcher, found the variant and uncovered the errors its creator made when updating it. Scott believes the errors arose when the creator reworked the decryption process. They tried to make it use a single decryption key, but botched the process of generating it. As a result, no key is created for the files it encrypts when a computer is compromised.
According to malware researcher Lawrence Abrams, the only option for a user affected by the ransomware is to restore from a backup. Abrams advises anyone hit by Power Worm not to pay the bitcoin ransom (about £500), as they won't get any data back.
"When it comes to this type of malware, there are generally two groups out there. On one hand, there are well-funded professional hackers that work as a team to ensure their actions result in significant monetary gains. At the other end of the scale is what are traditionally called 'script kiddies'; lone operators that emulate others to try and make a quick gain, or to prove themselves by reworking existing malicious code. In this second group, mistakes of this nature are often made because they lack the discipline or knowledge of more advanced groups," says Thomas Fischer, principal threat researcher at Digital Guardian.