The MalwareMustDie (MMD) Team came across an advertisement in an underground forum where an individual is trying to sell his new ransomware, called Power Locker, also known as Prison Locker.
The cybercriminal, who goes by the online moniker "gyx", coded the malware in C/C++ and is advertising the ransomware in various underground forums.
The ransomware in question is said to have many features, such as "detecting the debugger and virtual machines in order to avoid being analyzed by security researchers" and "displaying a warning window in a new desktop".
At the start, "gyx" asked others to help him code the GUI part of the malware and promised to pay them. A member of the MalwareMustDie Team disguised himself as a malware coder and had an IRC chat with him. He also managed to get the source code of the malware. You can find the full conversation here.
The MMD Team has doxed gyx and collected some interesting information about the identity of the malware author. The dox leads to a person claiming to be a security researcher who blogs about security ("wenhsl.blogspot.in/"). They also identified his Twitter account (@wenhsl).
The fun fact is that he was also trying to communicate with MalwareMustDie from his Twitter account.