Latest information about TorrentLocker virus:
TorrentLocker ransomware virus has been spotted on the September 2014 and has been updated several times since then. The virus code has been cracked on 2015 and victims could decrypt their files. However, the virus has been updated on 2016 again, and the recent version is still undecryptable. According to the malware researchers, the virus is a clone of infamous CryptoLocker [1]. The threat insidiously sneaks into a device, locates personal files and encodes them using a mathematically complex algorithm, RSA-2048 [2]. What is more, it has been revealed that the virus has been employing a new technique to broaden its infection scale. TorrentLocker virus has been mostly aimed at Australian computer users. However, later it shifted its attention towards Swedish users. For the distribution and infiltration, the cyber criminals use the name of a trusted telecommunication company, Telia, which has a wide range of customers in Europe and Asia, to convince users into entering specific web page [3]. The ransomware gets compressed into the explorer.exe file. Thus, locating the file on the system might become a tricky task. If you have become one of the victims, get acquainted with TorrentLocker removal possibilities. For that purpose, FortectIntego is a useful tool.

The malware encrypts victim’s files (photos, videos, audio files) and, then, displays a message requiring people to pay a ransom for retrieving them. The virus leaves DECRYPT_INSTRUCTIONS.html file which contains the message instructing to proceed with the payment. It alarms users into paying the ransom within the specified amount of time. Such technique of using psychological terror is common among hackers. Otherwise, the data will be lost. In the note, the victim is demanded to enter a certain Australian Bitcoin website and purchase bitcoins from it. The ransom equals to 550 USD and should be sent to the indicated address. We discourage you from making the transaction because it does not guarantee the retrieval of the locked data. Therefore, it’s better to remove TorrentLocker from the computer than pay the ransom to the cyber criminals.
Regarding the TorrentLocker decrypt probabilities, IT experts have managed to come up with several decoding techniques. They have been trying to catch up with hackers by working out possible decoding strategies. In 2015, TorrentLocker decryption tool was created. Nonetheless, cyber criminals seem to be one step ahead. Torrent Locker employs Tor network as an additional backup channel for Command & Control server [4]. Due to the fact, that this virus is continually improved, there is no decryption key for the current version of the ransomware yet. Recently, the new version of the malware has emerged. It appends 6-alphabetic character file extension to the encoded files. All the demands are presented in How_to_Restore_Files.html and How_to_Restore_Files.txt. Specialists named it Crypt0l0cker ransomware. Luckily, there might be hope. TorrentLocker cannot start encrypting files if it does not connect to its command server. Thus, it may create a chance for IT professionals to come up with the solution faster. If you are already infected, you should remove TorrentLocker instantly. Rely on a reputable antivirus software.
Update March 2017: Increased activity of an improved TorrentLocker version spreads panic in Denmark
Update March 2017: Increased activity of an improved TorrentLocker version spreads panic in Denmark
TorrentLocker is growing ever more dangerous as it now seems to be targeting specific countries [5]. In the five last days of February 2017, Denmark has been under siege by a malicious spam campaign that distributes TorrentLocker around. Apart from picking a target country the virus creators have also added some new adjustments to the program itself. One of these additions includes ransomware’s ability to spread from one computer to another via shared files. This is obviously an attempt to increase the volume of the infected computers and, naturally, ensure a greater profit. The hackers have also equipped the malicious program with phishing functionalities, enabling it to steal passwords and usernames that it manages to extract from the infected computer. So, it is possible that ransomware attack may end up in identity theft and other privacy infringements, let alone encrypted files.
If you live in Denmark, you should be especially careful when opening emails you receive in your inbox. Nevertheless, the users in other parts of the world should not let down they guard either. You can never know who’s next on the ransomware’s target list. If you open an email that asks you to “Enable Editing” or “Enable Macros” don’t do it. TorrentLocker needs you to enable macro settings to activate the malicious code and start the encryption of your files. Delete the file immediately, disconnect your computer from the network and scan your system with an antivirus tool.
Methods of distribution
Just like the majority of ransomware, the Torrent Locker virus is distributed through spam emails. As we already mentioned, the victims receive perfectly localized emails which seem like to be sent from Telia. The subject of the email is entitled as “Invoice from Telia” including the name of the recipient. Thus, it contains a single link which redirects to the website which looks like an official website of the mentioned Tele company. Thus, when users get to the website, it asks him or her to type the provided Captcha code to identify whether the user is not a robot. Without suspecting anything wrong, you enter the code, and TorrentLocker malware is downloaded to the computer. Note that the ransomware gets downloaded, after indicating that the victim is from Sweden. After that, the victim is connected to manybigtoys.com server which registers the infected PC. Thus, it is likely that the data might be used for future infiltrations.
In order to protect your PC, avoid opening emails, even if they are seemingly sent from tax or telecommunication companies. Concerning the spam email of Telia, the official website will not require you to enter any code upon entering the website. Though the first versions targeted mainly Swedish users, the malware impersonates such companies as British Gas (Uk), Endesa (Spain), New Zealand Post (NZ, etc. [6]. Moreover, you should always look for typos or grammar mistakes, check the sender’s mail and compare it to the company’s email. If it looks suspicious, you should always contact the company directly. Lastly, some versions might be dispersed with the help of exploit kits, so improve your security by updating anti-spyware and anti-virus programs.
How to remove TorrentLocker ransomware from the system entirely?
If TorrentLocker virus has infected a computer, start a system scan using the anti-spyware program (FortectIntego or MalwarebytesMalwarebytes). Keep in mind that you need to have the newest version in order for the software to root out the virus completely. You should know that the security application does not decrypt the locked files. Thus, you need to look for other programs which will help you recover the files. The easiest and most secure way to do that is to restore the data from the back-up. If you struggle with TorrentLocker removal because you can’t run the security programs, then, take a look at the instructions below.
Was this guide helpful?
4 comments