A ransomware variant is threatening organizations around the world. This is PureLocker, a ransomware that is being used in targeted attacks against company servers, and which appears to have links to notorious cybercriminal groups.

Remember that ransomware is a malicious program that encrypts information and holds it hostage, demanding a ransom payment in exchange for the key to undo the encryption. PureLocker is notable for being able to affect most operating systems. It is carefully designed to evade detection: it hides dubious behavior in sandbox environments, poses as the cryptographic library ‘Crypto++’, and uses functions normally seen in libraries for music playback. If it determines that it is running in a debugging environment, it closes immediately.

It was named PureLocker because it is written in the PureBasic programming language. This choice of language is unusual, but it offers attackers several advantages, such as the difficulty cybersecurity vendors have in generating reliable detection signatures for malicious software written in this language. What’s more, PureBasic code is easily portable between Windows, Linux, and OS X, making it easy to attack other platforms.

Targeting victims’ servers could be a way to get even more money. Attacks against servers often lead to ransom demands of hundreds of thousands of euros. This is because organizations often store their most important data on servers, making them more likely to be willing to pay higher amounts to retrieve this critical information.

What we can do to protect ourselves from PureLocker

▸Avoid opening files and/or links from unknown sources, whether received by email or downloaded from untrustworthy websites.

▸Back up all critical information for your organization.

▸Keep the backup system separate.

▸Isolate infected computers from the network.
