Wednesday, 17 December 2014

TorrentLocker rampaging through Europe, no ransoms paid in Ireland

ESET has analysed a widespread case of ransomware generally known as TorrentLocker, which started spreading in early 2014. The latest variant of the malware has infected at least 40-thousand systems in the last few months. TorrentLocker has mainly targeted users from Europe, but has also infected users in Canada, Australia and New Zealand. This family of ransomware encrypts documents, pictures and other files on user’s device and requests ransom to get back access to their files.  Its typical signature is paying ransom solely in crypto-currency – up to 4.081 Bitcoins (1180€ or $1500).

In total there have been almost 40,000 infected systems and more than 280 million documents have been encrypted. The authors behind TorrentLocker earned up to $585,401 in Bitcoins from the 570 known infected systems for which the ransom was paid. Ireland is present in these statistics with having 112 infected hosts registered, 2.5 million files were encrypted, the ransom demands in Ireland ranged from €600 to €1000 per victim, but according to ESET’s research none have been paid.

How does the infection spread? The victim receives spam e-mail with a malicious document and is then led to open the enclosed file (attached are mostly unpaid invoices, tracking of a packages or unpaid speeding tickets). The credibility of the e-mail is increased by mimicking business or government websites in the victim’s country. To fool the victims, the attackers have even inserted CAPTCHA images to create false sense of security.