Power Worm targets Windows OS and is written in Windows PowerShell which it uses to deliver its payload. It is most commonly spread via spam email containing malicious code. Power Worm deletes Shadow Volume Copies and, due to a programming error, also destroys its own decryption key resulting in unrecoverable files even if victims do choose to pay the ransom.
- Bleeping Computer provides more information about Power Worm, available here.
- The NJCCIC is not aware of any decryption tools available for Power Worm.