The new variant can steal your usernames and passwords and infect other computers by sharing corrupted files

Mar 1, 2017 15:46 GMT

In the past few days, two large spam waves have hit Denmark, carrying the well-known TorrentLocker ransomware.

This time around the ransomware was distributed with the help of Microsoft Word documents carrying malicious macros, according to researchers at Heimdal Security. Users were tricked into downloading these files, which caused them a great deal of trouble.

If the victim enabled the macro by clicking the "Enable Editing" button, PowerShell code was executed, which in turn downloaded ransomware from the TorrentLocker family.

By default, the document opens in view-only mode. Clicking that button, however, tips the first domino in a chain that eventually leaves the entire computer locked up.
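The execution chain described above (Word macro hands off to PowerShell, PowerShell fetches the payload) leaves a distinctive trace in process-creation telemetry: an Office application as the parent of a script host. The following detection logic is an added example, not code from the article or from Heimdal Security. The events are constructed to resemble Sysmon Event ID 1 records; the field names follow Sysmon, while the paths, users and encoded string are invented placeholders.

```python
"""Flag Office applications spawning script hosts, the chain the article describes.

Added example, not from the article or Heimdal Security. SAMPLE_EVENTS are
constructed in the shape of Sysmon Event ID 1 (process creation) records.
"""
from typing import Dict, Iterable, List

# Office applications inside which a macro runs (the expected parent process).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script hosts a malicious macro commonly hands off to.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Command-line fragments that make a PowerShell launch more suspicious.
POWERSHELL_FLAGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
                    "-nop", "-noprofile", "downloadstring", "downloadfile")


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: Dict[str, str]) -> int:
    """Score one process-creation event; 0 means nothing noteworthy."""
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    if parent not in OFFICE_APPS or child not in SCRIPT_HOSTS:
        return 0
    score = 1  # Office -> script host on its own is worth an alert
    cmdline = event.get("CommandLine", "").lower()
    score += sum(1 for flag in POWERSHELL_FLAGS if flag in cmdline)
    return score


def find_office_to_script(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return matching events, highest score first."""
    hits = [e for e in events if score_event(e) > 0]
    return sorted(hits, key=score_event, reverse=True)


# Constructed sample telemetry (placeholder paths and values, not real IoCs).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # benign: Word started from Explorer
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"',
    },
    {   # the chain from the article: Word spawning a hidden, encoded PowerShell
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -NoP -W Hidden -Enc UExBQ0VIT0xERVI=",  # base64 of 'PLACEHOLDER'
    },
    {   # benign: an administrator opening PowerShell from a command prompt
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe",
    },
    {   # Excel spawning cmd.exe with nothing else suspicious: still worth a look
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c echo hello",
    },
]


if __name__ == "__main__":
    for e in find_office_to_script(SAMPLE_EVENTS):
        print(score_event(e), image_name(e["ParentImage"]), "->", e["CommandLine"])
```

Run against live data, the same rule is usually expressed as a SIEM query on parent and child image names; the command-line flags only raise the score, so an Office application launching any script host still alerts even when the command line is empty or obfuscated.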

Unfortunately, this new TorrentLocker variant comes with a few new capabilities: it can harvest usernames and passwords from infected computers, and it can spread to other computers through shared files.

When scanned on VirusTotal, detection was low at 3/55, though the real-world detection rate may well be considerably higher because of the way VirusTotal runs its tests.

"These spam waves are very aggressive, so please be extra cautious with protecting your inbox and carefully evaluate which emails you open. A similar spam wave spreading TorrentLocker as well still achieves a rather low detection rate, even 4 days after it was discovered: 19/56 on VirusTotal," Heimdal's blog post reads.

Prevent, don't fix

Older variants of TorrentLocker can be removed without paying the ransom, which, of course, is never advised. However, the decryption tools have not yet been tested against this new variant, so the outcome is unknown.

When it comes to this type of attack, prevention is the way to go. Make sure you know the sender of the emails you receive, and check the address even if the name seems familiar. Don't open any document sent to you unless you were expecting a file from that person. More importantly, even if you do open an email from an unknown source, don't bypass the security features built into email clients and Office when you are advised against it.
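The advice above can be backed up at the mail gateway: an attachment that carries a VBA macro project can be quarantined before a user ever sees the "Enable" button. The check below is an added example, not code from the article or from Heimdal Security. It understands only the zip-based OOXML formats (.docx/.docm and friends), where macros live in a part named vbaProject.bin; the legacy binary .doc format is an OLE container and needs a different parser. The sample documents are built in memory and are constructed placeholders, not real malware.

```python
"""Quarantine Office attachments that carry a VBA project part.

Added example, not from the article or Heimdal Security. Covers OOXML (zip)
files only; the legacy .doc OLE format is out of scope. Sample attachments are
constructed in memory.
"""
import io
import zipfile
from typing import Dict

MACRO_ENABLED_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")


def has_vba_project(data: bytes) -> bool:
    """True when the bytes are a zip-based Office file containing a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return False  # not a zip at all: plain text, binary .doc, PDF, ...
    return any(n.endswith("/vbaproject.bin") for n in names)


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'quarantine', 'warn' or 'allow' for one attachment.

    The decision is driven by the file's contents, not its extension: a VBA
    part inside the archive is quarantined whatever the name says, while a
    macro-enabled extension without a VBA part is only flagged for a warning.
    """
    if has_vba_project(data):
        return "quarantine"
    if filename.lower().endswith(MACRO_ENABLED_EXTENSIONS):
        return "warn"
    return "allow"


def build_sample_doc(with_macro: bool) -> bytes:
    """Build a minimal OOXML-shaped zip; with_macro adds a placeholder vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE compound file; this is a constructed placeholder.
            zf.writestr("word/vbaProject.bin", b"CONSTRUCTED PLACEHOLDER, NOT A REAL VBA PROJECT")
    return buf.getvalue()


# Constructed inbound attachments (names and contents are invented).
SAMPLE_ATTACHMENTS: Dict[str, bytes] = {
    "invoice.docx": build_sample_doc(with_macro=False),
    "invoice.docm": build_sample_doc(with_macro=True),
    "invoice_renamed.docx": build_sample_doc(with_macro=True),  # extension hides the macro
    "notes.txt": b"plain text, not a zip at all",
}


def triage(attachments: Dict[str, bytes]) -> Dict[str, str]:
    """Classify every attachment in a message."""
    return {name: classify_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:10s} {name}")
```

Looking inside the archive rather than trusting the extension is the point of the check: the name is chosen by the sender, the vbaProject.bin part is not. Documents that are password-protected or wrapped in an encrypted archive will pass as "allow" here, which is why the gateway check complements, rather than replaces, macro-blocking settings on the endpoint.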