Torrentlocker ransomware

Torrentlocker is the latest file-encrypting ransomware aimed at Australian computer users. The infection enters the computer via spam and encrypts many different files. Torrentlocker is known to be capable of encrypting over 100 file types, including documents, archives, and databases. It is similar to the infamous ransomware infections CryptoLocker and CryptoWall, both of which are regarded as more sophisticated than this latest piece of ransomware.

Unlike those notorious ransomware infections, Torrentlocker uses the Rijndael algorithm for file encryption, which requires a unique password.

How does the Torrentlocker ransomware work?

The infection encrypts files and displays a ransom warning demanding that the user pay a particular amount of money in order to regain access to the locked data. Before encrypting files, the infection connects to a command-and-control (C&C) server to receive a certificate and some additional information.

In order to restore the encrypted files, the user is asked to acquire Bitcoins and send them to the attackers’ account. The ransom warning suggests that the Torrentlocker ransomware is aimed at Australians because the fee is stated in Australian dollars (AUD). More specifically, the user is prompted to pay 500 AUD, which is 0.8 BTC. If the user does not manage to pay in time, the user is required to pay 1000 AUD. Additionally, before paying for file decryption, the user is allowed to decrypt one file, which is of little value if the infection has encrypted over 1000 files.

Similarly to CryptoWall, the ransom warning of the Torrentlocker ransomware features an FAQ page and a donation page. The latter provides the user with three eCurrency addresses, which can be used to donate Bitcoins, Litecoin or Dogecoin.

Information about the infection is located in the Windows Registry, which contains the original binary code, install location, autorun key, ransom message, and some other Torrentlocker-related information.

How to prevent Torrentlocker?

The Torrentlocker ransomware spreads over spam, just like many other Internet-based computer infections. It is crucial to ignore spam emails and delete them as soon as they are received. When you open a spam email, you may be asked to click on a link or extract some archive file, which usually contains a piece of malware.

It is also important to back up valuable information on a regular basis so that you can use it in case the computer gets damaged or infected.

It is also important to remove Torrentlocker because, unlike other ransomware infections, it remains on the computer after file encryption.

In order to use the Internet safely, you should use a reputable malware removal program; otherwise, your computer and personal information could be affected once you connect to the Internet.
