Threat from new malware kit 'Prisonlocker' is overhyped, say researchers

Fears of a new CryptoLocker are unfounded - for now

TODO alt text

An advert posted online seeking aid in the development in a new and cheap ransomeware kit caused worry among security firms and companies this week, but researchers have yet to see any hard evidence of its existence.

Security researchers at MalwareMustDie posted a blog entry featuring a screenshot of the post on an underground forum. The post immediately caused connections to be made with CryptoLocker.

CryptoLocker, a ransomware virus, has infected around a quarter of a million machines since it first appeared in September 2013. According to research by Dell SecureWorks, earlier versions infected users through email attachments disguised as a PDF.

File-encrypted ransomware is a lucrative and now proven type of cybercrime, but the creator of PrisonLocker offers his kit for only $100s, not the typical $1,000 or more price tag most creation kits carry on underground forums.

Concerning

Researchers at security tools firm AlienVault and web and email security firm AppRiver both downplayed the threat posed by PrisonLocker, which has yet to result in any real world threat and, perhaps, never will.

Jaime Blasco, director at AlienVault Labs, told The Register: "Based on the research I did on this and checking my sources, most of PowerLocker/PrisonLocker is hype since the only information available is a person that is supposedly developing this new ransomware – but it is not still ready."

Troy Gill, a security analyst at AppRiver, added: "I don't think that this kit has been put into use yet, however it is quite concerning, since we have seen how widespread kits have become for cybercriminals."

"Of course just like CryptoLocker, the best way to protect your data is a cold back-up. As long as offline backups are made regularly, the damage inflicted by this malware will be minimal."

Cryptolocker already infects around 250,000 computers in the UK