ProLock Ransomware Sample Download
A new ransomware called PwndLocker appeared in early March , targeting corporate networks, but after a short time Emsisoft researchers Michael Gillespie and Fabian Wosar identified a bug that allowed them to create a decryptor to recover the files without paying the ransom.
In the following weeks, the ransomware changed to ProLock Ransomware. According to what was discovered by the researcher Sophos PeterM , the new version is conveyed through a BMP image called WinMgr.bmp . The ransomware executable is embedded in the image. The BMP file is displayed correctly but it also contains binary data which are subsequently reassembled by a PowerShell script which injects them directly into memory. The ransomware encrypts the files on the device by adding the .proLock extension
In each folder that has been scanned, ProLock will create a ransom note called [How to recover files] .txt containing instructions and payment information.
In the following weeks, the ransomware changed to ProLock Ransomware. According to what was discovered by the researcher Sophos PeterM , the new version is conveyed through a BMP image called WinMgr.bmp . The ransomware executable is embedded in the image. The BMP file is displayed correctly but it also contains binary data which are subsequently reassembled by a PowerShell script which injects them directly into memory. The ransomware encrypts the files on the device by adding the .proLock extension
In each folder that has been scanned, ProLock will create a ransom note called [How to recover files] .txt containing instructions and payment information.
ProLock Ransomware Signatures
Family: MD5: c579341f86f7e962719c7113943bb6e4 SHA256: a6ded68af5a6e5cc8c1adee029347ec72da3b10a439d98f79f4b15801abd7af0
ProLock Ransomware Download
Click to Load Comments
