Skip to main content

Poorly written malware demands a ransom, but never releases your files

mac malware rising malwarebytes remediation business macvirus1
Kaspars/Shutterstock
Computer viruses are a lot like real-world viruses, with different mutations and rewritten versions constantly in circulation. Some of them are just rehashes of other spyware and malware, but virus designers are as prone to bugs as any other coder. A newly discovered version of the Power Worm, a ransomware virus written for the Power Shell, actually has a bug that causes it not to work as expected, and in a way that’s detrimental to both affected users and whoever wrote it, according to a report from Bleeping Computer.

A ransomware virus is actually a fairly simple concept. The malware goes through the infected system, encrypts all of the files, then demands payment, usually to a bitcoin address, in exchange for the decryption key that will unlock all of your files.

In the case of this special version of the Power Worm malware, the encryption method is executed properly, but the virus never stores the key that’s used to encrypt the files. That means that even if you decided to pay the ransom, which isn’t advisable, this particular virus won’t be able to decrypt the files.

The slip-up is actually a result of the hacker who wrote the code trying to cut a corner that’s often a sticking point for ransomware. Instead of assigning each user a new ID so that the encryption key can be recovered for them, the system is supposed to use the same ID and code for every user. Unfortunately, when the code was rewritten with this change in mind, an error was made that causes the key to be set to NULL after finishing.

The result is a computer full of files that are permanently encrypted, a sad situation to be sure, but at least affected users will know that paying would do them no good. You’ll know if you’ve been struck by this particular, poorly-written, version of the Power Worm bug if the DECRPYT_INSTRUCTION.html file it creates lists the ID# as qDgx5Bs8H, but again, paying the ransom isn’t advisable regardless of the origin of the malware.

Brad Bourque
Former Digital Trends Contributor
Brad Bourque is a native Portlander, devout nerd, and craft beer enthusiast. He studied creative writing at Willamette…
This malware infects your motherboard and is almost impossible to remove
A digital encrypted lock with data multilayers.

Researchers have discovered malware that has been secretly infecting systems featuring Asus and Gigabyte motherboards for at least six years.

Since 2016, Chinese-speaking hackers have been infiltrating machines with the CosmicStrand malware, according to a report from Bleeping Computer.

Read more
This dangerous Mac malware can infiltrate your entire system
A depiction of a hacker breaking into a system via the use of code.

A newly uncovered malware designed to target Macs has been effective in obtaining access to systems and stealing sensitive data.

The discovery was detailed by internet security company ESET, which named the malware CloudMensis because of its reliance on cloud storage services.

Read more
Oh great, new malware lets hackers hijack your Wi-Fi router
The Linksys Hydra 6 dual-band mesh WiFi 6 router.

As if you didn't already have enough to worry about, a new report finds hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. The report details several observed real-world attacks on small home/home office (SOHO) routers since 2020 when millions of people began working from home at the start of the COVID 19 pandemic.

Read more