TorrentLocker ransomware virus, which is also known as fake Crypt0l0cker, has been disappearing and emerging again since 2015. Since then, it became apparent that this ransomware exceptionally targets Danish-speaking computer users. Creators of the virus showed creativity by employing different distribution tactics every once in a while. In the past, the ransomware authors spoofed the identities of companies such as IKEA, PostNord, or Telia to trick unsuspecting victims into opening malicious links leading to phishing pages that contained obfuscated links to download the ransomware. TorrentLocker was also spread via emails containing malware-laden Word documents with malicious macros. It appears that the attackers changed their tactics once again and now they are distributing the malware via a campaign that once again targets Denmark and delivers malware via email.
Although security researchers demonstrated their skills and released a TorrentUnlocker to rescue files encrypted by earlier Torrent Locker’s versions, it seems that virus’ authors fixed flaws in their code already, therefore the decryption tool is useless in a confrontation with the latest ransomware variants. If you already tried it and it didn’t help you to restore the encrypted data, we must say that the only chance to restore your files is to use a data backup, of course, if you ever created one. We only want to warn the victims that the malware has been markedly improved since 2015, and now the virus is capable of swiping login credentials for all services that the victim uses and sharing the virus to other PCs through shared files. You can read more information about TorrentLocker’s capabilities in this article.