New PureLocker ransomware built for targeted attacks, linked to MaaS dealer
SCMagazine | November 14, 2019
A newly discovered ransomware called PureLocker is targeting the production servers of enterprises, while exhibiting some behavior that’s very unusual for most malicious encryptors.Among its quirky features: it’s written in the PureBasic programming language, which helps it avoid conventional anti-malware detection engines; it’s very picky about who it infects, only executing if the victim machine passes a series of checks; and it appears to be used as a later stage of a larger multi-stage attack. Researchers from Intezer and IBM X-Force IRIS analyzed the ransomware and detailed their findings in a joint blog post this week. “PureLocker is a rather unorthodox ransomware,” said Interzer security researcher Michael Kajiloti. “Instead of trying to infect as many victims as possible, it was designed to conceal its intentions and functionalities unless executed in the intended manner.