PureBasic-based Ransomware Discovered

PureLocker, an unusual form of ransomware that attacks enterprise servers, has gone undetected for some time but has recently been revealed by cybersecurity analysts at Intezer and IBM X-Force.  What makes PureLocker so unique is that it’s written in PureBasic programming language.  Malicious software written in PureBasic is difficult for most security systems to detect.  It is also transferable amid different platforms like Windows, Linux, and OS-X.

Aimed to strike the most valuable databases, the attackers hold the victims’ servers hostage until ransom is paid, usually in six-figure amounts of dollars or bitcoin.  The decryption key is promised reward for payment.  Non-payment of the fee within seven days threatens complete destruction of the decryption key, rendering the entire server’s critical data useless.

According to Michael Kajilot, a security researcher at Intezer, there is no current figure on the number of victims affected by the PureLocker campaign.  Both Intezer and IBM X-Force have confirmed the campaign is active and being offered as a bespoke tool which limits criminal use to only those who can afford its dark web hefty price tag.  Cobalt Gang and FIN6 have launched previous campaigns with similar coding, and PureLocker does contain strings from ‘more_eggs’ backdoor malware.  Though the exact delivery method for PureLocker remains uncertain, its similarity with the ‘more_eggs’ malware suggesting phishing emails may be the entry point.