Hey guys, what's up? Today we are talking about another recently found piece of malware named Torrentlocker.
If you recall, some time ago there was a virus named Cryptolocker. If you have forgotten about it, then read again about Cryptolocker, the most threatening trojan.
Now Cryptolocker is officially dead and buried under the ground. How can I say so? It's because there is now a method by which we can decrypt our encrypted files without paying the ransom.
If you are affected by Cryptolocker then go to Decryptolocker and follow the steps to recover your files.
Now Torrentlocker could be the son of Cryptolocker, and maybe Superman as well (because it's the son of crypton and powerful as well). It shows features of both Cryptolocker and Cryptowall. At first glance it looks almost the same as Cryptolocker, but Torrentlocker is indeed different.
iSightPartners, a security researcher, found this malware and analysed it.
Additional info: read the report on Torrentlocker by iSightPartners.
Torrentlocker – What can it do?
When Torrentlocker hits a system, it runs in the background and encrypts the files on the computer without the user's knowledge. After that it demands a ransom for the decryption of the encrypted files.
The other thing about Torrentlocker is that when it runs it presents itself as Cryptolocker and Cryptowall, while it is a totally different species. Now, you may be wondering: if it shows the name Cryptolocker, why is it named Torrentlocker?
The answer is that it makes a modification in the Windows Registry under ‘HKCU\Software\Bit Torrent Application\’. That's why it is named Torrentlocker. But it is not proven that it comes from file sharing protocols or from torrents (thank GOD we are saved 🙂). Most probably it comes from spam emails that carry attachments.
The attachments you get will most likely resemble those used by Cryptolocker, meaning the attachment will have a double extension. You will think of the attachment as .pdf, but it will be .exe.pdf. As soon as the .pdf opens, the .exe will be deployed in the background and your computer will be hit by Torrentlocker.
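A mail filter can catch the double-extension trick described above before the user ever sees the attachment. The following is an added example, not code from the original post or from iSightPartners: it flags any attachment name that carries an executable extension next to a document extension, in either order, which goes slightly beyond the single .exe.pdf case. The extension lists, function names and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed extension lists for this example; tune them for your own mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = base.strip().rstrip(". ").lower().split(".")
    # Padding spaces between extensions are a common way to hide the real one.
    suffixes = ["." + p.strip() for p in parts[1:]]
    has_exec = any(s in EXECUTABLE_EXTS for s in suffixes)
    has_doc = any(s in DOCUMENT_EXTS for s in suffixes)
    if has_exec and has_doc:
        return "double-extension"
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        return "executable"
    return "ok"


def scan_message(raw_bytes):
    """Parse a raw e-mail and list (filename, verdict) for suspicious attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


def build_sample_message():
    """Constructed sample mail with harmless placeholder bytes as attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("invoice.exe.pdf", "report.v2.pdf", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample_message()):
        print(f"{verdict}: {filename}")
```

A versioned name such as report.v2.pdf passes, because none of its extensions is executable.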
So in short, Torrentlocker has the power of both Cryptolocker and Cryptowall.
Just like Cryptolocker, it encrypts the files on your system and demands a ransom to give you back your files. And like Cryptowall, it shows you a FAQ section in which you can see some basic questions and answers as well.
But here is one more evil thing about Torrentlocker: the ransom amount has increased. Torrentlocker demands 500 USD/EUR and gives you a deadline by which the transfer should be made. If you fail to transfer the money in that time, you will have to pay 1000 USD/EUR to decrypt the files.
This money has to be sent using Bitcoin so that the programmers who created this will not be tracked, as Bitcoin is used for anonymity.
Torrentlocker – How is it different?
Torrentlocker is completely different at the code level, and on top of that there have been some changes. So it can be called a derivative of Cryptolocker, but it is still very much different. It's like a lion being born from a leopard or something like that.
After Torrentlocker is executed, the first thing it does is make a modification in explorer.exe, through which it does most of its work. After that it makes multiple copies of itself in the Windows directory. It then saves itself under a different or random name so that an antivirus will not identify it as a threat. In the background it also starts multiple installations of itself.
Unlike Cryptolocker, Torrentlocker gives you an option to decrypt a single file from your disk. This is to prove that when you pay the ransom all of your files will be decrypted. And as I told you above, you have to pay the ransom in the given time or the ransom amount will be doubled once that time is over.
There is one more thing about Torrentlocker: it also has the option to pay the ransom through Dogecoin and Litecoin.
Torrentlocker – How to remove it?
There is no option other than paying the ransom. But I won't suggest that; as we saw in the Cryptolocker case, a removal method will arrive shortly.
But there are certain things you can do to prevent loss of data:
- As soon as you realize that you are hit, turn off the computer. If it says that your files won’t be decrypted if you do that, then don’t believe it and turn off your computer.
- Install a fresh copy of Windows or use Linux, as it is more secure.
- Then install a good antivirus and do a complete system scan.
- Always keep an external hard disk on which you can keep your backup.
- If a hard disk is not an option, then use a USB drive of good size and keep your important data on it.
That's all on Torrentlocker. If you have been hit or know anything else, please comment below.