New ransomware called Prison Locker should soon be hitting an exploit near you, researchers said.
The malware, the researchers said, is dangerous and cheap as it only costs $100 to acquire.
Prison Locker, also called Power Locker, comes from the CryptoLocker ransomware, which launched in September 2013 and researchers said infected thousands of computers.
Security firm Malware Must Die first identified Prison Locker in a blog post last Friday. The malware encrypts all files except system files and .exe files on hard drives and shared drives with “practically uncrackable” RSA-2048 encryption, the researchers said.
Researchers have been following the ransomware’s development via hacker forums and said it was about to launch. They immediately notified law enforcement agencies including Interpol, Europol and the FBI.
Their blog quotes the malware author as saying: “I am in the final stages of developing a CryptoLocker which locks a window in place along with encrypting files. If you are interested in buying message me (giving the author’s email address). The regular price will be US $100.”
Prison Locker will effectively be a ransomware kit that criminals can customize for their own use. Prison Locker has features designed to prevent detection. Infected users will get a limited time to pay the required ransom before the decryption key permanently deletes, which is a ploy similar to CryptoLocker.
CryptoLocker typically demands a ransom of two bitcoins to unlock the victim’s files. If users wait more than three days, the ransom goes up to 10 bitcoins.
This week, researchers at Symantec said Prison Locker may already by out in the environment. Senior threat intelligence analyst Stephen Doherty said they have a copy of ransomware they strongly suspect to be Prison Locker, and are now trying to reverse engineer it.