TorrentLocker Malware Spreads In Europe Through Emails

Researchers at the security firm ESET report that the TorrentLocker ransomware (a distinct family that calls itself CryptoLocker on its ransom page) is spreading rapidly across Europe and has reached North America and Australia.

TorrentLocker is a malicious program that encrypts files on infected computers and then demands a ransom to decrypt them. The name comes from early versions of the malware, which set a Registry entry referencing the BitTorrent application.

The malware's authors actively adapt TorrentLocker in response to published research. In September, researchers at the Finnish firm Nixu Oy released a technique for decrypting the encrypted files without paying the criminals behind the attack. The authors responded with a new version that changed the encryption method and immediately closed that loophole.
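
The article does not say what the loophole was. ESET's whitepaper, linked at the end of this post, attributes it to keystream reuse: early builds encrypted every file with AES-256 in CTR mode under the same key and nonce, so XORing one encrypted file against a pristine copy of it yields the keystream, which then strips the encryption from every other file; the fixed version moved to CBC. The Python below is an added example written for this page, not TorrentLocker's code and not Nixu's tool. It substitutes a SHA-256 counter generator for AES so it runs on the standard library alone, uses a fresh per-file nonce as its hardened variant (an assumption for contrast, not the CBC change the malware authors made), and all file contents are constructed sample data.

```python
import hashlib
import os

BLOCK = hashlib.sha256().digest_size  # 32-byte keystream blocks
NONCE_LEN = 16
FIXED_NONCE = bytes(NONCE_LEN)  # the flaw: one nonce (hence one keystream) for every file


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = SHA-256(key || nonce || i).

    Stand-in for AES-CTR so the demo needs only the standard library. The
    property the attack relies on is identical: the keystream depends only on
    (key, nonce), never on the plaintext, so reusing both reuses the keystream.
    """
    out = bytearray()
    for counter in range((length + BLOCK - 1) // BLOCK):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_flawed(key: bytes, plaintext: bytes) -> bytes:
    """Keystream reuse: every file on the machine is XORed with the same bytes."""
    return xor_bytes(plaintext, ctr_keystream(key, FIXED_NONCE, len(plaintext)))


def encrypt_fixed(key: bytes, plaintext: bytes) -> bytes:
    """Hardened variant assumed for this example: a fresh random nonce per
    file, stored in front of the ciphertext, so no two files share a keystream."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_bytes(plaintext, ctr_keystream(key, nonce, len(plaintext)))


def recover_keystream(known_plaintext: bytes, its_ciphertext: bytes) -> bytes:
    """Known-plaintext step: P xor (P xor K) = K. The attacker's key is never needed."""
    return xor_bytes(known_plaintext, its_ciphertext)


def decrypt_with_keystream(ciphertext: bytes, keystream: bytes) -> bytes:
    """Strip the reused keystream from a different file. Only as many bytes as
    the recovered keystream covers can be restored, which is why a long known
    file (or a long known prefix) matters to the victim."""
    return xor_bytes(ciphertext, keystream)


def demo() -> dict:
    key = os.urandom(32)  # the attacker's secret; the victim never learns it
    # Constructed sample data: one file the victim still has a clean copy of
    # (say, an attachment also sitting in sent mail) and one they do not.
    known = (b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"
             b"<< /Type /Catalog /Pages 2 0 R >>\nendobj\n")
    secret = b"CONFIDENTIAL: Q3 revenue 1.2M EUR, headcount 37, merger talks ongoing."

    # Flawed build: keystream from the known file unlocks the secret file.
    ks = recover_keystream(known, encrypt_flawed(key, known))
    recovered = decrypt_with_keystream(encrypt_flawed(key, secret), ks)

    # Hardened build: the same keystream is useless against a fresh nonce.
    ct_fixed = encrypt_fixed(key, secret)
    attempt = decrypt_with_keystream(ct_fixed[NONCE_LEN:], ks)
    return {
        "recovered": recovered,        # plaintext, up to the length of `known`
        "expected": secret[:len(ks)],
        "after_fix": attempt,          # garbage of the same length
    }


if __name__ == "__main__":
    result = demo()
    print("flawed build, recovered :", result["recovered"])
    print("hardened build, attempt :", result["after_fix"])
```

The recovery needs nothing from the attacker: one clean copy of any encrypted file is enough, and the decryptable prefix of every other file is exactly as long as that known file. Changing the mode or the nonce handling, as the malware authors did, removes the shared keystream and with it the whole technique.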

Once the files are encrypted, the malware displays a web page offering to sell the victim a decryption tool to get them back.

How The Malware Spreads

The operators still rely on the conventional "unpaid invoice" phishing email to spread the malware.

“The credibility of the email is increased by mimicking business or government websites in the victim’s country,” explains ESET. “To fool the victims, the attackers have even inserted CAPTCHA images to create a false sense of security.”

ESET’s research indicates that although only 1.45% of victims pay the ransom (570 of 39,670 infected systems), that has still earned the criminals between $292,700 and $585,401 in Bitcoin.

According to data gathered from TorrentLocker’s C&C (command and control) servers, a staggering 284,716,813 documents had been encrypted at the time of the analysis.

For more detail on TorrentLocker, ESET's technical whitepaper is free to download.
