Security researchers have released a new study claiming infamous crypto-ransomware TorrentLocker has now infected over 40,000 users around the world, encrypting nearly 300 million documents in the process.
TorrentLocker was originally given its moniker back in August when security intelligence firm iSight Partners named it after the registry key used to store configuration information – ‘Bit Torrent Application’.
It’s also named ‘Racketeer’ by the gang that controls it, or Win32/Filecoder.DI, to give it its technical title.In a new white paper, Eset researcher Marc-Étienne Léveillé explained that the ransomware – which encrypts victims’ data on execution – has so far infected 39,670 systems.
Although only around 1.5% of victims have paid up, this has still made the gang behind it anywhere between US$292,700 and US$585,401 in bitcoins.
Over 285m documents have been encrypted so far thanks to TorrentLocker in just 10 months in the wild, the report claimed.
Despite the relative success of the campaign, those behind it continue to target the malicious spam which carries the malware at a select group of 13 countries in Europe, Canada and Australia.
That email uses social engineering and a localized message to persuade the recipient to open a document containing the hidden malicious executable or click on a malicious link.
Once TorrentLocker is executed, it will encrypt the victim’s documents, pictures and other data and pop-up a ransom screen containing a link to the payment page reachable via Tor.
“There are references to the infamous CryptoLocker on the page. Despite the use of the CryptoLocker logo, it is not related to the same malware family,” the report added. “This is possibly a trick to mislead victims searching for help or just because authors were too lazy to give them an original brand.”
Ken Westin, security analyst at Tripwire, argued that we can expect more widely distributed and increasingly sophisticated ransomware next year, given that it’s beginning to appear for sale on underground forums.
This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/news/torrentlocker-ransomware-criminals/
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technology, Demand IT and Business Engagement, Digital and E-commerce, Leadership Talent, Infrastructure and Service Delivery, Project and Programme Delivery.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.