ESET researchers have identified TorrentLocker ransomware updates

TorrentLocker, which ESET analyzed in 2014, is still active, and thanks to the way it selects potential victims with targeted spam, it avoids the attention that better-known crypto-ransomware receives. However, ESET researchers are still monitoring this particular malware.

"The gang behind TorrentLocker seems to be still in the game. They have improved their tactics and have slowly renewed this ransomware, trying to keep it undetectable," says Marc-Etienne M. Léveillé, an ESET malware researcher.

TorrentLocker spreads via emails linking to a page that offers a "document" for download (supposedly an invoice or a file with tracking information). If the user downloads and opens the malicious "document", TorrentLocker is executed: it initiates its communication with the C&C server and encrypts the victim's files.

A well-known characteristic of TorrentLocker is how locally focused its download, ransom and payment pages are. Victims are given information in their own language and in their local currency.

The improvements in TorrentLocker cover how Internet users in selected countries are targeted, TorrentLocker's communication with Command-and-Control servers, protection of the C&C server with an extra layer of encryption, anti-detection techniques, and the process used to encrypt user files.

One of the most important new features of CryptoLocker is the addition of a script to the chain that leads to the final malicious executable file.

"The link in the spam email message leads to a PHP script hosted on a compromised server. This script checks whether the visitor is browsing from the targeted country and, if so, displays the page with the next stage of this malware. Otherwise, the visitor is redirected to Google," explains Marc-Etienne M. Léveillé.
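The geo-fencing described above has a practical consequence for defenders: a URL sandbox that fetches the lure from outside the targeted country only ever sees the harmless redirect to Google and reports nothing. The following is an added example, not ESET's code, of how an analysis pipeline can compare what the same URL serves to requests from several vantage points and flag a page as geo-fenced, or flag the analysis as inconclusive when every vantage was bounced. The request records, the URLs and the list of "bounce" hosts are constructed for the example; a real pipeline would fill them from fetches made through exit nodes in different countries.

```python
"""Flag geo-fenced ("cloaked") lure pages by comparing responses to the same URL
from different countries.  Added example; all data below is constructed inline,
so the script runs offline."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Hosts that a lure commonly redirects non-targeted visitors to.  Constructed
# starting list; extend it from your own telemetry.
BENIGN_REDIRECT_HOSTS = {"www.google.com", "google.com"}

# Content types that indicate the "document" download stage was served.
DOWNLOAD_TYPES = {"application/zip", "application/octet-stream",
                  "application/x-msdownload"}


@dataclass(frozen=True)
class Observation:
    """One fetch of `url` made from the exit node in country `vantage`."""
    url: str
    vantage: str                     # ISO country code of the requesting node
    status: int
    content_type: str = ""
    location: Optional[str] = None   # Location header on 3xx responses


def redirect_host(obs: Observation) -> Optional[str]:
    """Hostname the response redirects to, or None if it is not a redirect."""
    if obs.location is None:
        return None
    return urlsplit(obs.location).hostname


def is_benign_bounce(obs: Observation) -> bool:
    """True when the visitor was simply sent away to a well-known benign site."""
    return 300 <= obs.status < 400 and redirect_host(obs) in BENIGN_REDIRECT_HOSTS


def serves_payload(obs: Observation) -> bool:
    """True when the response carries a downloadable 'document' rather than HTML."""
    media_type = obs.content_type.split(";")[0].strip().lower()
    return obs.status == 200 and media_type in DOWNLOAD_TYPES


def classify(observations):
    """Group observations by URL and return {url: verdict}.

    verdict["geo_fenced"]   -- some vantages got a payload, others were bounced
    verdict["inconclusive"] -- every vantage was bounced: the lure may be fenced
                               against all countries we fetched from
    """
    by_url = defaultdict(list)
    for obs in observations:
        by_url[obs.url].append(obs)

    verdicts = {}
    for url, obs_list in by_url.items():
        served = sorted(o.vantage for o in obs_list if serves_payload(o))
        bounced = sorted(o.vantage for o in obs_list if is_benign_bounce(o))
        verdicts[url] = {
            "geo_fenced": bool(served) and bool(bounced),
            "inconclusive": bool(bounced) and not served
                            and len(bounced) == len(obs_list),
            "served": served,
            "bounced": bounced,
        }
    return verdicts


# Constructed sample: placeholder URLs, not real indicators.
LURE = "http://compromised-host.example/invoice.php?id=1"
NEWS = "http://news-site.example/article"
FENCED_EVERYWHERE = "http://other-host.example/track.php"

SAMPLE = [
    Observation(LURE, "AU", 200, "application/zip"),
    Observation(LURE, "IT", 200, "application/zip"),
    Observation(LURE, "US", 302, location="https://www.google.com/"),
    Observation(LURE, "DE", 302, location="https://www.google.com/"),
    Observation(NEWS, "AU", 200, "text/html; charset=utf-8"),
    Observation(NEWS, "US", 200, "text/html; charset=utf-8"),
    Observation(FENCED_EVERYWHERE, "US", 302, location="https://www.google.com/"),
    Observation(FENCED_EVERYWHERE, "DE", 302, location="https://www.google.com/"),
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLE).items():
        print(url, verdict)
```

The "inconclusive" flag is the important one operationally: a lure that bounces every vantage you have is not cleared, it simply has not been fetched from the country it targets, so such URLs should be re-queued through a node in the country the spam campaign was mailed to before they are marked benign.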

In analyzing this malware and its campaigns, ESET researchers found that 22 countries received a translated version of the ransom or payment page. However, 7 of them have not been affected so far by any major TorrentLocker spam campaign: France, Japan, Martinique, Portugal, the Republic of Korea, Taiwan and Thailand.

Details of the TorrentLocker crypto-malware improvements are available in a detailed article on the official ESET blog, WeLiveSecurity.

Written by Dimitris
