ESET has analysed a widespread case of ransomware generally known as TorrentLocker, which started spreading in early 2014. The latest variant of the malware has infected at least 40,000 systems in the last few months. TorrentLocker has mainly targeted users in Europe, but it has also infected users in Canada, Australia, and New Zealand. This family of ransomware encrypts documents, pictures, and other files on users’ devices and requests a ransom to return file access. Its typical signature is paying ransom solely in crypto-currency – up to 4.081 Bitcoins (1180€ or $1500).
Free eBook: Modern Retail Security Risk – Get your copy now.
In total, there have been almost 40,000 infected systems thus far, with more than 280 million documents encrypted. The authors behind TorrentLocker earned up to $585,401 in Bitcoins from the 570 known infected systems for which the ransom was paid. Ireland is included in these statistics, having had 112 infected hosts registered and 2.5 million files encrypted. The ransom demands in Ireland ranged from €600 to €1000 per victim, but according to ESET’s research, none of them have been paid.
How does the infection spread? The victim receives spam e-mail with a malicious document and is then led to open the enclosed file (fake attachments that mostly come in the form of unpaid invoices, package tracking emails, or unpaid speeding tickets notices). Attackers mimic businesses or government websites in their emails, thereby increasing the credibility of their hacks. To fool the victims, the attackers have even inserted CAPTCHA images to create a false sense of security.
More details on the TorrentLocker ransomware are available on our blog.
About ESET Ireland
ESET Ireland will keep your hardware and software performing as it should. The company has hundreds of people around the world working hard every day so customers’ computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.