A ransomware virus is actually a fairly simple concept. The malware goes through the infected system, encrypts all of the files, then demands payment, usually to a bitcoin address, in exchange for the decryption key that will unlock all of your files.
In the case of this special version of the Power Worm malware, the encryption method is executed properly, but the virus never stores the key that’s used to encrypt the files. That means that even if you decided to pay the ransom, which isn’t advisable, this particular virus won’t be able to decrypt the files.
The slip-up is actually a result of the hacker who wrote the code trying to cut a corner that’s often a sticking point for ransomware. Instead of assigning each user a new ID so that the encryption key can be recovered for them, the system is supposed to use the same ID and code for every user. Unfortunately, when the code was rewritten with this change in mind, an error was made that causes the key to be set to NULL after finishing.
The result is a computer full of files that are permanently encrypted, a sad situation to be sure, but at least affected users will know that paying would do them no good. You’ll know you’ve been struck by this particular, poorly written version of the Power Worm bug if the DECRPYT_INSTRUCTION.html file it creates lists the ID# as qDgx5Bs8H, but again, paying the ransom isn’t advisable regardless of the origin of the malware.
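For triage across many folders or a mounted disk image, the check described above can be scripted. The following is an added example, not code from the article or from any vendor; the note's markup and encoding are not given here, so the sample notes are constructed and the script assumes UTF-8 or UTF-16 text.

```python
import html
import os
import re
import tempfile

NOTE_NAME = "DECRPYT_INSTRUCTION.html"  # file name as spelled in the article
FLAWED_ID = "qDgx5Bs8H"                 # ID# the article ties to the flawed variant

def read_note(path):
    """Decode a note whose encoding is unknown (assumed UTF-8 or UTF-16)."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    odd = raw[1:400:2]  # BOM-less UTF-16LE ASCII text has NUL in every odd byte
    if odd and odd.count(0) > len(odd) // 2:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def has_flawed_id(text):
    """True if the visible text holds FLAWED_ID as a whole token."""
    visible = html.unescape(re.sub(r"<[^>]*>", "", text))
    pattern = r"(?<![A-Za-z0-9])" + re.escape(FLAWED_ID) + r"(?![A-Za-z0-9])"
    return re.search(pattern, visible) is not None

def scan(root):
    """Map each ransom note under root to True/False (None if unreadable)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                results[path] = has_flawed_id(read_note(path))
            except OSError:
                results[path] = None
    return results

if __name__ == "__main__":
    # Constructed sample notes; the real note's markup is not shown in the article.
    with tempfile.TemporaryDirectory() as root:
        samples = {"flawed": FLAWED_ID, "other": "CONSTRUCTED01"}
        for sub, note_id in samples.items():
            os.mkdir(os.path.join(root, sub))
            with open(os.path.join(root, sub, NOTE_NAME), "wb") as fh:
                fh.write(f"<html><p>ID#: <b>{note_id}</b></p></html>".encode("utf-16"))
        for path, flawed in sorted(scan(root).items()):
            print(path, "-> flawed variant, key not recoverable" if flawed else "-> different ID")
```

Run `scan()` against a read-only copy or image of the affected disk so the triage itself does not alter evidence.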