TorrentLocker Infects Around 40,000 Machines across the World - ESET

Security firm ESET released a new White paper revealing that the criminal gang behind the infamous TorrentLocker has managed to infect 40,000 systems in countries like Turkey, UK, Canada and Australia.

It is also known as 'Racketeer' and Win32/Filecoder.DI as its technical title among the gang.

TorrentLocker is the latest series of malicious pieces of malware known as ransomware which locks your computer, encrypts your files and demands for ransom to release your personal data again.

The report also said that there are references to the infamous CryptoLocker on the page and inspite of usage of its logo, it is not related to the same malware family. Infosecurity-magazine.com published news on 17th December, 2014 quoting Marc-Etienne Leveille, a Researcher with ESET, as saying "This may be a trick to mislead victims who are searching for help or just because authors were too lazy to give them an original brand."

According to new research of security firm ESET, the criminals have managed to infect 39,670 systems in more than 12 countries all over the world but only 750 of these have paid ransom in bitcoin.

None of the malware infected people paid any ransom amount in Canada, UK, Germany, Australia Ireland and New Zealand and most ransoms were paid in Italy, Turkey, Spain and Netherlands.

However, inspite of such seemingly low conversion rate, criminals have managed to bag a sizeable amount of money as the ransomware first appeared in February 2014.

The report claimed that TorrentLocker have encrypted more than 285 documents in just 10 months in the wild.

Enterpriseinnovation.net reported on 18th December, 2014 quoting Leveille as saying "we believe the actors behind TorrentLocker are the same who are behind the Hesperbot family of the banking Trojan malware."

Computerworld.com.au reported on 17th December, 2014 quoting Leveille as saying "criminals have been reacting to online news about TorrentLocker by defeating indicators of compromise employed to detect the malware and change the way they employ Advanced Encryption Standards (AES) from counter mode (CTR) to encrypt block chaining mode (CBC).

This implies that sufferers of TorrentLocker can no longer get all their documents by uniting an encrypted file and its plain text.

» SPAMfighter News - 12/31/2014