The well-known windows ransomware TorrentLocker is back once again. This ransomware is also famous as Cryptolocker ransomware. This ransomware was active in 2014 and it was targeting windows users by encrypting their system data. The hackers were spreading this ransomware via the various type of spam email campaigns. According to the various security firms, this ransomware was inactive in the middle of 2015. The “Heimdal Security” has reported that Torrentlocker ransomware is now back with more advanced features. The authors of Torrentlocker (Cryptolocker) ransomware spent almost two years on it to add more advanced malicious scripts in its source code.
How is It Different From Old Torrentlocker Ransomware?
The old Torrentlocker (Cryptolocker) ransomware was capable of encrypting all the data files of the victims. The scammers were demanding ransom from the victim to decrypt all the encrypted data. But this new Torrentlocker ransomware is quite aggressive because it is capable of stealing the user credentials of any infected computer. After stealing username and password, the hackers could remotely use the infected system to perform unethical activities. This new ransomware could get entry to other systems through shared files. This ransomware is undetectable by the most of the antivirus tools. By infecting flash drives and external storage devices, it is very easy for this ransomware to infect other computers.
How Are Hackers Spreading This Ransomware?
The hackers are sending the various type of spam emails by labeling them with “High Importance” subject lines. In emails, they are sending malicious word document attachments. When the victim downloads this malicious attachment and clicks on “Enable Editing” option, a PowerShell code gets execute automatically. This code is capable of encrypting all the data files, which are present in the infected system. The hackers could also steal stored usernames and passwords from the web browsers. Now you can understand if an unaware victim is saving his financial and corporate usernames and passwords in the web browsers he could lose his money and business.
The Victim Countries
Till now, the European internet users are the main target of the hackers. The “Denmark” is the most affected country according to the Heimdal Security. The countries like the United Kingdom, Sweden, and Turkey are also in this list. The antivirus tools have not been updated by the security firms yet to detect this advanced TorrentLocker (Cryptolocker) ransomware. The security researchers at Heimdal Security said that security tools to detect “TorrentLocker Ransomware” are available online but they have not been tested by security experts yet.
Security Tips For Users
- Don’t click on unusual links which you are getting in emails.
- If you are getting suspicious attachment files in emails, then don’t click on “Enable Editing” option.
- Don’t save your sensitive account credentials in web browsers.