Poorly coded ransomware forgets your decryption key, locking up your data forever

Ransomware is undeniably one of the most threatening things in computer security today. Once a computer's files get encrypted, a victim has essentially two options: say goodbye to the data forever, or pay up. A few fixes have been going around that generate the key needed to unlock files, but not everyone can benefit from them. But what if a ransomware program actually forgets your key, leaving you locked out of your files forever?

This is currently the case with a new variant of a ransomware program called Power Worm. The program formerly targeted only Microsoft Excel and Word files, but the recent upgrade expanded the list of files it can target.

When a user's computer gets infected, the program executes the usual encryption steps needed to lock up the computer's files. However, an error in Power Worm's programming causes it to skip a crucial step in encryption: it forgets the key needed to unlock the PC. This means that if a victim pays up to unlock their computer, nothing will happen, and the files will stay frozen as they are after encryption.

The error in the ransomware's programming was first discovered by Nathan Scott, a malware researcher. He found that it resulted from the developer's attempt to simplify the decryption process by making the program use only one ID and code for every user, instead of assigning each user a unique ID. Unfortunately, when this idea was coded, the PowerShell script failed to decode a certain string and returned a NULL result, that is, an empty value.

As a result, whenever a user gets infected with Power Worm, no key is generated, locking up the files for good. Even if a user pays up, it has no effect at all: the files stay locked.

According to Lawrence Abrams of Bleeping Computer, there is unfortunately nothing that can be done to free a computer and salvage its files, and the only way around it is to restore from a backup. For now, we advise everyone to stay safe on the internet, and avoid things that look too good to be true.

Just recently, another alarming ransomware issue surfaced. A related program called CryptoWall has been updated to scramble a computer's file names, in order to make them even more inaccessible to victims.

Source: BBC | Image via Biz-tec.mx
