A ransomware virus is actually a fairly simple concept. The malware goes through the infected system, encrypts all of the files, then demands payment, usually to a bitcoin address, in exchange for the decryption key that will unlock all of your files.
In the case of this special version of the Power Worm malware, the encryption method is executed properly, but the virus never stores the key that’s used to encrypt the files. That means that even if you decided to pay the ransom, which isn’t advisable, this particular virus won’t be able to decrypt the files.
The slip-up is actually a result of the hacker who wrote the code trying to cut a corner that’s often a sticking point for ransomware. Instead of assigning each user a new ID so that the encryption key can be recovered for them, the system is supposed to use the same ID and code for every user. Unfortunately, when the code was rewritten with this change in mind, an error was made that causes the key to be set to NULL after finishing.
The result is a computer full of files that are permanently encrypted, a sad situation to be sure, but at least affected users will know that paying would do them no good. You’ll know if you’ve been struck by this particular, poorly-written, version of the Power Worm bug if the DECRPYT_INSTRUCTION.html file it creates lists the ID# as qDgx5Bs8H, but again, paying the ransom isn’t advisable regardless of the origin of the malware.
Editors' Recommendations
- This Mac malware can steal your credit card data in seconds
- Nullmixer is a nasty, new Windows malware dropper
- Malware has a terrible new way to get to your computer
- This malware infects your motherboard and is almost impossible to remove
- This dangerous Mac malware can infiltrate your entire system
