An unusual type of ransomware that focuses specifically on servers has been discovered. Analysts from Intezer and IBM X-Force found the new ransomware and named it PureLocker.
The name is based on the programming language it is written in, PureBasic. According to ZDNet, it is unusual for this programming language to be used for ransomware, but cybercriminals can use this to their advantage, because it makes it difficult for security providers to provide adequate measures. PureBasic code is also portable between Linux, Windows and OS X, which means that different platforms can easily be affected.
The attacks on servers are of the classic kind: the servers are locked, after which a ransom has to be paid in cryptocurrency before they can be used again. There is also the threat of destroying data if no payment is made.
Ransomware for professionals
“Targeting servers means the attackers are trying to hit their victims where it really hurts, especially databases which store the most critical information of the organisation,” says Michael Kajiloti, security researcher at Intezer. According to the researchers, the ransomware is probably only available to cybercriminals who are ready to pay the ransomware providers a considerable amount of money in advance.
The researchers also report that the ransomware is linked to some of the most notorious cybercrime groups, such as CobaltGang and FIN6. This, combined with the payment of money in advance, provides the ransomware with a rather exclusive aura, and could mean that the malicious software is designed for high-level criminals who know what they are doing.
When the ransomware ends up on a server, users are shown a ransom note telling them to contact an e-mail address to negotiate a ransom amount. If this does not happen, the private key for decrypting the server will be deleted, and so will the encrypted data, effectively .