New PwndLocker Ransomware Targeting U.S. Cities, Enterprises (Mar 2, 2020)
A new ransomware has been found targeting businesses and local governments within the United States. Discovered in late December 2019, the ransomware, dubbed “PwndLocker” by its creators, attempts to disable Windows services using the ‘net stop’ command and terminates targeted processes, such as security software and backup applications, when it detects them. BleepingComputer reports that ransom demands vary between $175,000 and $660,000 USD, requested in bitcoin in exchange for the decryptor. There is one publicly named victim, LaSalle County in Illinois, and as of the time of this writing, it is not known if any victims have paid a ransom.
Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS), but as this news shows, new threats are constantly evolving to bypass these protections. Always keep your important files backed up. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies, who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
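The ‘net stop’ behaviour described above can be hunted for on other devices by looking for one parent process stopping several distinct services in a short time. The following is an added example, not part of the original briefing: the log format, host, process and service names, the threshold and the time window are all constructed assumptions, and it does not use any indicator from the PwndLocker samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed process-creation records: timestamp|host|parent image|command line.
# All host, image and service names are placeholders, not PwndLocker indicators.
SAMPLE_LOG = """\
2020-03-02T10:00:01|HOST-A|sample.exe|net stop ExampleBackupSvc /y
2020-03-02T10:00:02|HOST-A|sample.exe|net.exe stop "Example AV Service" /y
2020-03-02T10:00:02|HOST-A|sample.exe|net1 stop ExampleDbSvc /y
2020-03-02T10:00:03|HOST-A|sample.exe|NET  STOP ExampleMailSvc
2020-03-02T10:05:00|HOST-B|cmd.exe|net stop Spooler
2020-03-02T10:45:00|HOST-B|cmd.exe|net start Spooler
2020-03-02T11:00:00|HOST-B|cmd.exe|net stop ExampleBackupSvc
"""

# Matches net / net1 / net.exe (optionally with a path) followed by "stop <service>".
NET_STOP = re.compile(
    r'^\s*"?(?:.*\\)?net1?(?:\.exe)?"?\s+stop\s+("[^"]+"|\S+)', re.IGNORECASE)

def find_net_stop_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return [(host, parent, services)] where one parent on one host stopped
    at least `threshold` distinct services within `window`.
    Assumes the records are already sorted by time."""
    recent = defaultdict(deque)   # (host, parent) -> deque of (time, service)
    alerts = {}
    for line in log_text.splitlines():
        ts, host, parent, cmd = line.split("|", 3)
        m = NET_STOP.match(cmd)
        if not m:
            continue              # not a service stop (e.g. "net start")
        when = datetime.fromisoformat(ts)
        q = recent[(host, parent)]
        q.append((when, m.group(1).strip('"').lower()))
        while when - q[0][0] > window:
            q.popleft()           # drop stops that fell out of the window
        services = {svc for _, svc in q}
        if len(services) >= threshold:
            alerts.setdefault((host, parent), set()).update(services)
    return [(h, p, sorted(s)) for (h, p), s in alerts.items()]

if __name__ == "__main__":
    for host, parent, services in find_net_stop_bursts(SAMPLE_LOG):
        print(f"{host}: {parent} stopped {len(services)} services: {services}")
```

An administrator stopping a single service, as on HOST-B in the sample, stays below the threshold; tune the threshold and window to the environment's normal maintenance activity.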
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.