Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.
PowerWare, also known as PoshCoder, was first spotted in March, when it was used in attacks against healthcare organizations. It stood out because it was implemented in Windows PowerShell, a scripting environment designed for automating system and application administration tasks.
Researchers from security firm Palo Alto Networks have recently found a new version of this threat that imitates a sophisticated and widespread ransomware program called Locky. It uses the extension .locky for encrypted files and also displays the same ransom note used by the real Locky ransomware.
Here’s how it works: the Guardian Project turned a simple Raspberry Pi mini-computer into a smart hub that runs the open-source HomeAssistant software and acts as a so-called Tor hidden service, the same application of Tor that obscures the location of servers running dark web sites. The result, says Guardian Project director Nathan Freitas, is a far stealthier and more secure way to connect your smart home to the Internet, while still keeping it safe from potential digital attacks. “All we did was pull these pieces together to demonstrate a proof-of-concept for the role Tor can play in your home,” says Freitas, who’s also a fellow at Harvard’s Berkman Klein Center for Internet and Society. “It’s turning your Internet-of-things hub into a hidden service.”
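A hub published this way is only as hidden as the backend Tor forwards to: if the hub software also listens on a LAN or public interface, it stays reachable without Tor. The following check is an added example, not Guardian Project code. It assumes Tor's standard `HiddenServiceDir` and `HiddenServicePort` torrc directives and Home Assistant's default port 8123; the sample torrc, paths and addresses are constructed.

```python
import ipaddress

# Constructed sample torrc for a smart-home hub; paths and addresses are assumptions.
SAMPLE_TORRC = """\
SocksPort 0
HiddenServiceDir /var/lib/tor/hub/
HiddenServicePort 80 127.0.0.1:8123   # Home Assistant default port
HiddenServiceDir /var/lib/tor/cam/
HiddenServicePort 8080 192.168.1.20:8080
"""

def parse_target(virt_port, target):
    """Return (host, port) for a HiddenServicePort TARGET field."""
    if target is None:                       # TARGET omitted: loopback, same port
        return "127.0.0.1", virt_port
    if target.startswith("unix:"):           # Unix socket backend
        return "unix", target[5:]
    if target.isdigit():                     # bare port means loopback
        return "127.0.0.1", int(target)
    if target.endswith("]"):                 # bracketed IPv6 without a port
        return target.strip("[]"), virt_port
    host, sep, port = target.rpartition(":")
    if not sep:                              # bare IPv4 address without a port
        return target, virt_port
    return host.strip("[]"), int(port)

def audit(torrc_text):
    """List onion-service mappings whose backend is not loopback-only.

    A non-loopback backend means the service listens on a network interface,
    so it is reachable (and its traffic visible) outside the Tor circuit.
    """
    findings, current_dir = [], None
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not parts:
            continue
        key = parts[0].lower()                # torrc keys are case-insensitive
        if key == "hiddenservicedir":
            current_dir = parts[1]
        elif key == "hiddenserviceport":
            virt = int(parts[1])
            host, port = parse_target(virt, parts[2] if len(parts) > 2 else None)
            if host != "unix" and not ipaddress.ip_address(host).is_loopback:
                findings.append((current_dir, virt, f"{host}:{port}"))
    return findings

if __name__ == "__main__":
    for service_dir, virt, backend in audit(SAMPLE_TORRC):
        print(f"{service_dir}: virtual port {virt} forwards to non-loopback {backend}")
```
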