Feeds

Prison Locker: A load of überhyped malware FUD over... internet chatter

Forum posts about building a net nasty don't mean it's a live threat, folks

High performance access to file storage

An underground advert seeking help in developing a file-encrypting ransomware kit that might be sold for just $100 a go sparked something of a panic on the interwebs this week.

But security watchers are yet to see any samples of the so-called Prison Locker ransomware, leading at least two security firms to characterise the threat as intangible and overhyped.

Security researchers at MalwareMustDie posted a blog entry last Friday featuring screenshots from underground forums where a malign coder sought help to develop a file-encrypting ransomware creation kit.

There was no hard evidence of anything beyond a project in progress which may or may not come to fruition. Nonetheless, the post sparked plenty of excitable headlines about how the "Prison Locker virus threatens to flood the market" and how the threat is supposedly "bigger and meaner" than CryptoLocker.

CryptoLocker, the infamous Bitcoin-demanding ransomware menace, has infected as many as a quarter of a million machines since it first surfaced last September, according to research from Dell SecureWorks’ Counter Threat Unit. Earlier versions of CryptoLocker typically arrived in email as an executable file disguised as a PDF, packed into a .zip attachment, while more recent variants have gained the capability to spread like a worm across infected USB devices.

File-encrypted ransomware is a lucrative and now proven type of cybercrime and there's little doubt we'll see more copycats in this area, perhaps even strains that infect computers which aren't running Windows. But it's a leap of faith to imagine that the Prison Locker toolkit will deliver this nightmare scenario, especially at the ridiculously low prices quoted: far below the $1,000s in typical costs to buy malware creation kits through underground forums.

The Prison Locker ransomware kit plot may or may not be a genuine malware development project. MalwareMustDie only offered up the screenshots of suspicious activity on underground forums as something for security researchers to be aware of and (primarily) as something that law enforcement might want to investigate.

But in the absence of any malware created by the toolkit – or even anything much beyond a basic plan – fears about Prison Locker, cooked up by normally reliable media outlets rather than MalwareMustDie directly, are something of a phantom menace perhaps akin to worrying about a possible volcano eruption in the midst of widespread damage caused by flooding.

Researchers at security tools firm AlienVault and web and email security firm AppRiver's researchers both downplayed the threat posed by Prison Locker, which has yet to to result in any real world threat – and, perhaps, never will.

Jaime Blasco, director at AlienVault Labs, commented: "Based on the research I did on this and checking my sources, most of PowerLocker/PrisonLocker is a hype since the only information available is a guy that is supposedly developing this new ransomware – but it is not still ready. We don't know the status of the project but one thing is clear: there are no samples available of this threat."

Troy Gill, a security analyst at AppRiver, added: "I don’t think that this kit has been put into use yet, however it is quite concerning, since we have seen how widespread kits have become for cybercriminals. Of course just like Cryptolocker, the best way to protect your data is a cold back-up. As long as offline backups are made regularly, the damage inflicted by this malware will be minimal." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.