I wrote about CryptoLocker and the fix for it (here, here and here), and CryptoDefender.
Well, I’m here to really make your (Labor) day. After CryptoDefender came CryptoWall for Mac (so you Apple guys wouldn’t feel left out of the joy), and CryptoWall (the baddy on about 600K computers). Oh…and now “TorrentLocker”.
TorrentLocker is a truly deadly piece of malware infecting folks using BitTorrent. While there are ways of getting rid of the others, this one combines CryptoLocker and CryptoWall using BitTorrent keys in the Windows Registry. It’s ransomware, as well.
“A blog report published by iSIGHT Partners says that this ransomware dubbed as TorrentLocker by them is a file encryptor. Once it infects the system, it encrypts almost all important files and folders using Rijndael algorithm (symmetric cipher). The malware then sends a ransom message which informs the victim that their files have been encrypted by the "CryptoLocker virus," and the ransom page. iSIGHT Partners also noted that the FAQ section of this malware is similar to CryptoWall malware.” – TechWorm
They named the ransomware 'TorrentLocker' because its configuration resides in the Windows Registry in HKCU\Software\Bit Torrent Application\Configuration.
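A check built on the registry location above, as an added example (not from the original post or the iSIGHT report): this PowerShell script looks for that key in every local user's hive, including profiles that are not logged on. It must be run elevated; the function name and the `TL_CHECK_` mount name are made up for the example.

```powershell
# Registry subkey the post reports as TorrentLocker's configuration location (under HKCU).
$IndicatorSubKey = 'Software\Bit Torrent Application\Configuration'

function Test-TorrentLockerKey {
    param([string]$Sid, [string]$HiveRoot)   # HiveRoot: 'Registry::HKEY_USERS\<name>'
    $path = "$HiveRoot\$IndicatorSubKey"
    if (-not (Test-Path -LiteralPath $path)) { return }
    $key = Get-Item -LiteralPath $path
    try {
        [pscustomobject]@{
            Sid        = $Sid
            KeyPath    = "HKU\$Sid\$IndicatorSubKey"
            ValueNames = ($key.GetValueNames() -join ', ')   # names only, not contents
        }
    } finally {
        $key.Close()   # release the handle so a temporarily loaded hive can unload
    }
}

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$findings = foreach ($p in Get-ChildItem -LiteralPath $profileList) {
    $sid = $p.PSChildName
    if ($sid -notmatch '^S-1-5-21-') { continue }          # skip system/service accounts
    if (Test-Path -LiteralPath "Registry::HKEY_USERS\$sid") {
        Test-TorrentLockerKey -Sid $sid -HiveRoot "Registry::HKEY_USERS\$sid"
        continue
    }
    # User not logged on: mount NTUSER.DAT under a temporary name (requires elevation).
    $ntuser = Join-Path ($p.GetValue('ProfileImagePath')) 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $ntuser)) { continue }
    $mount = "TL_CHECK_$sid"                                # made-up mount name
    & reg.exe load "HKU\$mount" $ntuser 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load hive for $sid"; continue }
    try {
        Test-TorrentLockerKey -Sid $sid -HiveRoot "Registry::HKEY_USERS\$mount"
    } finally {
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$mount" 2>$null | Out-Null
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'Key not found in any local user hive.'
}
```

A hit is a lead to investigate on that profile, and an absent key does not by itself clear the machine.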
You can read more about it at the TechWorm link, above. Hopefully, the C&C servers will be found and taken down before more folks are screwed over. As usual, they’re asking for $500 for the decryption “key”. If not paid in 48 hrs., the price rises to $1,000.
So far, no fix to this bad one…it is very different at the code level.
Sources:
http://news.techworld.com/security/3541999/cryptowall--ransom-trojan-has-infected-625000-systems-says-dell-secureworks/
http://www.techworm.net/2014/08/torrentlocker-malware-combines.html