In recent months the TorrentLocker trojan has hit PCs around the world, taking the computers of institutions and individuals "hostage" for a ransom in Bitcoin. It is so-called ransomware, a specific category of malware that demands illicit payments from businesses, organizations and individuals. Experts at ESET, one of the world's producers of digital security software, have examined in depth its method of action and the extent of the damage caused so far by the powerful malware.
Throughout 2014, and with greater intensity in recent months, the TorrentLocker trojan has attacked the PCs of organizations, companies and users around the world. The unlucky victims were then asked for a ransom in Bitcoin.
The virus is powerful ransomware, a specific category of malware that is not new in the landscape of cyber attacks: in 1989 the AIDS trojan demanded $189 from users to unlock the files affected by each attack, while CryptoLocker, an ancestor of TorrentLocker active in 2013, attacked about 250,000 PCs worldwide.
Following a resurgence of TorrentLocker activity, particularly in Europe, ESET's research center has analyzed the malware's mechanism of action and assessed its extent.
HOW THE MALWARE WORKS
TorrentLocker (Win32/Filecoder.DI) encrypts the documents on the PCs it attacks and then demands that the victims pay a ransom to regain access to their files by downloading decryption software.
The malware usually arrives via an e-mail containing a link to a purported contract, utility bill or invoice to pay. Once opened, the link leads to the download of a compressed folder containing a fake PDF file: it is in fact an executable program (the fake .pdf extension in the file name is followed by a long line that runs off the screen and hides an .exe).
The messages are tailored to the victim's country, and the ransom is requested in Bitcoin precisely to hide the hacker's country of origin: TorrentLocker now even uses a specific Bitcoin account for every single attack.
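The disguised attachment described above (a fake .pdf extension followed by a long line that hides an .exe) can be checked for mechanically before an archive reaches a user. The following Python sketch is an added example, not code from ESET or from the original article; the extension lists, function names and sample file names are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed extension lists for illustration; adjust to local policy.
DECOY_EXTS = ("pdf", "docx", "doc", "xlsx", "xls", "txt", "jpg")
EXEC_EXTS = ("exe", "scr", "com", "pif")

# Decoy document extension, any filler, then the real executable extension last.
_PATTERN = re.compile(
    r"\.(?P<decoy>%s)(?P<filler>[^/\\]*)\.(?P<real>%s)\s*$"
    % ("|".join(DECOY_EXTS), "|".join(EXEC_EXTS)),
    re.IGNORECASE,
)

def check_name(name):
    """Return a finding if a decoy extension hides an executable one, else None."""
    base = re.split(r"[/\\]", name)[-1]  # look at the file name, not the path
    m = _PATTERN.search(base)
    if not m:
        return None
    return {
        "name": base,
        "decoy": m.group("decoy").lower(),
        "real": m.group("real").lower(),
        "filler_len": len(m.group("filler")),  # long filler pushes .exe off screen
    }

def scan_zip(data):
    """Scan the member names of a ZIP given as bytes; return all findings."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = (check_name(info.filename) for info in zf.infolist())
        return [h for h in hits if h]

def build_sample_zip():
    """Constructed sample: placeholder contents, only the names matter.
    The underscore filler is an assumption; the article does not say which
    characters make up the long line."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf" + "_" * 60 + ".exe", b"placeholder")
        zf.writestr("docs/contract.pdf", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

A plain `setup.exe` is deliberately not flagged: the check targets the mismatch between the extension the user sees and the one the system acts on, which a mail gateway can quarantine regardless of how long the filler is.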
TORRENTLOCKER IN NUMBERS
TorrentLocker was detected for the first time in February 2014 and, in the months that followed, attacked the computers of organizations, companies and private individuals in Italy, the UK, Ireland, France, Germany, the Netherlands, Spain, Austria, the Czech Republic, Turkey, Australia and New Zealand.
ESET's experts have drawn up an in-depth analysis of the scope of the cyber attack; here are some of the data:
– The virus has infected 39,670 systems: 570 victims, or 1.45% of the total, paid the ransom to the cyber criminals.
– The total collected from the ransoms comes to about $585,000 in Bitcoin.
– So far, at least 284,716,813 documents have been encrypted.
– According to ESET's experts, the hackers behind TorrentLocker could be the authors of the banking trojan HesperBot.
ESET's researchers managed to collect this information by studying TorrentLocker's C&C (command & control) server and how the URLs for the payment pages are generated. In this way it was possible to trace the countries targeted by the hackers, the number of encrypted files and the ransom demanded for each attack.
The best way to counter such attacks is to be cautious when opening messages from unknown sources and to use appropriate information security solutions.