PowerLocker Brand New Ransomware - C/C++

Hello everyone,

I am here today to tell you about my project that I have been working on for a while now. It is a ransomware coded in C/C++, which encrypts files belonging to the victim PC and then locks the screen, demanding a ransom. Since I can only code C/C++, I have obtained a partner: Porphyry (admin of maldev.net). He is coding the panel and helping with the GUI, and is helping with sales. He is my partner, but I am the coder of the main locker and encryption modules. If you have any questions you can contact me or him (my Jabber: firstname.lastname@example.org), but ATM all sales will go through me also. If you have any questions about the code or anything related to specifics of the bot (other than the panel and GUI), I am your guy. Anyways, I will outline the technical specifications for the encryption module of the malware below:
- Encrypts all personal files (basically all except .exe, .dll, .sys, and other system files) with BlowFish.
- The uniquely generated (new one for each file) BlowFish key is then encrypted with RSA-2048 encryption (one RSA keypair per PC).
- Encrypts all files on hard drive(s) and shared drive(s) also.
- You can either approve or deny (resetting the removal clock duration, specified by you during purchase) a payment code, and then unlock/decrypt files on the PC (identified by its IP).
Attributes of the locking part of the bot:
- Detects basic VM, sandbox, and debugger environments. This is not a highlight of the bot but is still a useful feature to have. Can detect the majority of debuggers (unless an external stealth plugin is used), virtual machines, and a couple of sandboxes.
- Disables the Windows and Escape keys to prevent unwanted user actions.
- Kills the following Windows processes to prevent unwanted user actions: taskmgr.exe, regedit.exe, cmd.exe, explorer.exe, and msconfig.exe. A thread checks for their existence every few milliseconds, killing them if they are present.
- Sets up the locked window in a new Desktop, making Alt+Tab useless and making all other open applications irrelevant. A thread makes sure that the user is in the locker desktop environment every few milliseconds, switching to it if the user is not.
Of course the bot has standard features including startup in both regular boot mode and safe boot under HKCU. Currently the file is FUD at scan-time, and has not been tested at run-time. The bot only drops one file, whose location and name you can choose; currently no hooks are put in to hide the file (this is not meant to be a stealth malware, obviously) but the file is simply marked as hidden and system.

Multiple parts of the bot are customizable by the customer, including:
- The duration of time before bot uninstalls itself.
- Many other things like the directory you would like the bot to reside, and filename (currently just in temp under random name).
- The amount of money the victim is told to pay (the payment options for the victim are BTC e-voucher codes, uKash, and PaySafe).
The username and password of the admin panel can be changed from phpMyAdmin on your server. It is HIGHLY recommended that you do this directly after buying, as you do not want someone to log into your panel before you change the info from the default. ATM the default is admin:admin; I will obviously let the buyer know this during purchase though.

On the topic of customization, the bot has an HTTP panel which will be used to control slaves and receive payment codes entered by slaves. You must have a server ready to be used when you contact either me or my partner for purchase. I must implement this into the bot, as I do not have a builder made yet. We will be releasing subsequent versions of the bot, containing support for more languages, updated functions coded by me, and things such as a builder (possibly) and a dropper (again, possibly). None of this is set in stone but is extremely likely in the future. ATM the only language the GUI is provided in is English. Below I will show a couple of screenshots from what is done of the panel so far (I will explain the "so far" part after the screenshots):

So, as I said above, the panel will be completed shortly. We are not completely finished, but are very close to release. Specifically, the panel is left to be finished, a couple of functions are left to be debugged, and we must test stability on different OSes. You should expect the product's release sometime this weekend (very likely, unless there is a holdup like a major bug found, etc.). Finally, we are selling PowerLocker for $100 USD, in BTC only at the moment. Rebuilds will be $25 (again BTC), and a ghost panel (http://i.imgur.com/ra966HI.png) is $20 (again BTC). The point of the ghost panel is to prevent suspicion from the login panel and to prevent your panel from being easily found by random people. We plan to encode the panel in IonCube.

If you have any questions you may ask here and expect a response from me or Porphyry, or message me on Jabber: email@example.com; contact Porphyry for his Jabber. We hope you consider buying PowerLocker at its impressive price point for its functionality. And expect release very soon!