Cyber-security researchers at Intezer Labs and IBM X-Force have discovered an unusual ransomware that’s reportedly being used for targeted attacks against enterprise servers. Named PureLocker because its written in PureBasic, the malware has apparently been traced back to a well-known Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack groups.
Together with @IBMSecurity we have identified a new, undetected #ransomware being used in targeted attacks against enterprise production servers. Code reuse analysis points its origins to a MaaS provider utilized by #CobaltGang & #FIN6 attack groups. https://t.co/S9U4X2dlQi
As mentioned already, the ransomware is written in the PureBasic programming language, which makes it a rather uncommon phenomenon in the malware domain. However, according to Kajiloti, the unusual choice poses advantages for the attacker, because “AV vendors have trouble generating reliable detection signatures for PureBasic binaries”. In addition, PureBasic code is portable between Windows, Linux, and OS-X (macOS), making it easier to target different platforms.
