Attacks are being launched against servers, with the aim of holding them hostage and only returning them to operation after a cryptocurrency ransom has been paid. Ransomware attacks against servers often lead to demands for payments of hundreds of thousands of dollars in exchange for decrypting the systems, and can be accompanied by a threat to destroy the data if the ransom isn't paid.

However, it's also believed than rather than being offered to anyone who wants it, the service is offered as a bespoke tool, only available to cyber-criminal operations that can afford to pay a significant sum in the first place.

These tools have been used by some of the most prolific cyber-criminal groups operating today, including Cobalt Gang and FIN6 -- and the ransomware shares code with previous campaigns by these hacking gangs. It indicates that PureLocker is designed for criminals who know what they're doing and know how to hit a large organisation where it hurts.

It's currently uncertain how exactly PureLocker is delivered to victims, but researchers note that more_eggs campaigns begin with phishing emails, so the ransomware attacks could begin in the same way, with the final payload likely to be the final part of a multi-staged attack.

Those who become infected with PureLocker ransomware are presented with a ransom note telling the victim that they need to contact an email address to negotiate a fee for decrypting the files. The user is also warned that they only have seven days to pay the ransom and that if they don't the private key will be deleted, meaning the files can't be recovered.

site map

business hours

We are open for business during the following times:

Monday to Friday: 10 am to 5pm.

newsletter sign up

By subscribing to our newsletter, you will always be updated with the latest news and offers from us.