Ransom asked to be paid in digital currency Bitcoin

Oct 22, 2014 23:31 GMT

TorrentLocker, ransomware that blends traits of CryptoLocker and CryptoWall, has been spotted claiming victims in Italy and Brazil, where thousands of computer users have fallen victim to its data encryption capabilities.

The most affected country is Italy, accounting for more than half (53.35%) of the total global infections, followed by Brazil, with about a quarter (26.27%) of the compromised computers.

Daily infection rate peaks at 8,000 in Italy and around 7,500 in Brazil

Joseph Chen, fraud researcher at Trend Micro, says that in the latest attacks observed by the company, the malware is delivered via a malicious email message disguised as a payment notification carrying a link to an invoice.

The URL points to a download location for a ZIP archive enclosing a file masquerading as a PDF, which is actually the TorrentLocker ransomware.
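A defensive check for the delivery pattern described above, as an added example that is not from the original article or from Trend Micro: it inspects a downloaded ZIP for entries that present themselves as PDFs but are really executables. The article does not say how the file was disguised, so the double-extension and file-header heuristics, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed list of Windows executable extensions (not taken from the article).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def check_entry(name, head):
    """Return the reasons a ZIP entry looks like a disguised executable."""
    lower = name.lower().rstrip(" .")
    ext = os.path.splitext(lower)[1]
    reasons = []
    if ".pdf" in lower and ext in EXEC_EXTS:
        reasons.append("executable extension behind a .pdf name")
    if head.startswith(b"MZ"):
        reasons.append("content starts with a PE/MZ header")
    elif ext == ".pdf" and not head.startswith(b"%PDF-"):
        reasons.append("named .pdf but missing %PDF- magic")
    return reasons


def scan_zip(data):
    """Map each suspicious entry name in the archive bytes to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the leading bytes are needed
            reasons = check_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed archive: one real PDF header, two stubs with an MZ header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n% constructed benign file\n")
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("payment.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in scan_zip(build_sample()).items():
        print(entry, "->", "; ".join(why))
```

The same `check_entry` logic can run in a mail gateway or download proxy before the archive reaches the user; it reads only the first bytes of each entry and never executes anything.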

Telemetry data from the security company shows daily infections that peaked at more than 8,000 in Italy and about 7,500 in Brazil. The numbers were recorded on October 12 and October 14, respectively, and a downward trend followed; on October 19, zero infections were recorded in Brazil and fewer than 2,000 in Italy.

One particularity of this piece of malware is that it puts users on the wrong track by displaying a ransom message claiming that the data has been locked by the infamous CryptoLocker.

However, according to security researchers from iSight Partners, the “overall feel of the malware looks like CryptoWall,” which could mean that there are similarities in code.

Instructions for Bitcoin payment included, users advised not to pay

Regardless of the crypto-malware family it resembles most, TorrentLocker has the same devastating effect: once the information on the system has been locked, only the decryption key held by the attackers can undo the action.

The fee the cybercriminals ask for the unlock code is about $500 / €395, payable in the digital currency Bitcoin (1.375 BTC).

The crooks provide complete instructions so that the victim can make the transfer. These include details for buying bitcoins and sending them to a wallet address.

The best way to protect against crypto-malware is to create a backup of the sensitive information. If the computer is compromised and the files are encrypted, they can be restored on the affected system after it has been cleaned of the malicious software.

The general recommendation in such incidents is not to pay the ransom, because after they receive the money, the cybercriminals have no reason to send the decryption key. Refusing to comply with their demands discourages activities of this sort, and hopefully this type of fraud will become less frequent, to the point of extinction.