TorrentLocker: Ghost in Your Machine
There’s something about torrents that makes them controversial. Apart from letting you download content for free (even paid content), they are one of the most common carriers of malware, viruses and Trojans. While our next culprit has nothing to do with torrents, its heinousness is enough to make a permanent impression on the victim. First appearing in 2014, TorrentLocker is a close cousin of other infamous ransomware such as CTB-Locker, CryptoWall, Locky and CryptoLocker.
How It Infects
Like most other ransomware, it enters the victim’s computer through spam emails and fake document files containing a link to these programs. Sometimes the malware is concealed within a document containing a hidden macro. As soon as the victim opens the infected document, the macro secretly downloads TorrentLocker onto the system.
Once downloaded, TorrentLocker automatically starts a fake or hollow process and runs its malicious code inside it. To make matters worse, its process of choice is often explorer.exe, which makes its activity practically undetectable. It then deletes all volume shadow copies and injects special code that disables Internet Explorer.
It then copies itself to various locations, such as the startup and Windows directories, so that it continues to function even after the system is rebooted. Next, it connects to its command servers over HTTPS, so its activity cannot be tracked. The files are then encrypted, and the key, along with the encrypted files, is sent to the command servers, where they are held for ransom.
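The behaviours described above (a hollowed explorer.exe, deletion of volume shadow copies, a copy placed in the startup folder) can be looked for in process-creation logs. The following is an added example, not part of the original article: it assumes Sysmon-style event fields, assumes `vssadmin` or `wmic` is the tool used to delete shadow copies, uses an assumed allow-list of normal explorer.exe parents, and runs on constructed sample events.

```python
import ntpath
import re

# Constructed process-creation events (fields as in Sysmon Event ID 1).
# User name, file names and paths are invented for this example.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\explorer.exe", "cmdline": r"C:\Windows\explorer.exe",
     "parent": r"C:\Windows\System32\userinit.exe"},
    {"image": r"C:\Windows\explorer.exe", "cmdline": r"C:\Windows\explorer.exe",
     "parent": r"C:\Users\amy\AppData\Local\Temp\invoice.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Users\amy\AppData\Roaming\Microsoft\Windows"
              r"\Start Menu\Programs\Startup\aqfwhgj.exe",
     "cmdline": "aqfwhgj.exe", "parent": r"C:\Windows\explorer.exe"},
]

# Assumed commands for deleting volume shadow copies; extend as needed.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# Assumed baseline of legitimate explorer.exe parents; tune per environment.
EXPLORER_PARENTS = {"userinit.exe", "winlogon.exe", "explorer.exe", "svchost.exe"}
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def classify(event):
    """Return the names of the rules that this event triggers."""
    hits = []
    image = event["image"].lower()
    parent = ntpath.basename(event["parent"]).lower()
    if SHADOW_DELETE.search(event["cmdline"]):
        hits.append("shadow_copy_deletion")
    # A hollowed explorer.exe is started by the malware, not by the logon chain.
    if ntpath.basename(image) == "explorer.exe" and parent not in EXPLORER_PARENTS:
        hits.append("explorer_unusual_parent")
    # Also fires on legitimate startup items; compare against a known baseline.
    if STARTUP_DIR in image:
        hits.append("runs_from_startup_folder")
    return hits


def triage(events):
    """Return (index, rules) for every event that triggers at least one rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := classify(e))]


if __name__ == "__main__":
    for index, rules in triage(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["image"], rules)
```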
What Makes It So Different?
TorrentLocker not only encrypts your files for ransom, but can also steal email contacts from your personal inbox for targeting. Besides using highly robust AES encryption, TorrentLocker is known for its unusually descriptive ransom notes. They are often written in grammatically correct English and are designed to mimic or mock official notices from government bodies and offices. These often present the demanded amount as a tax or a payment for a parcel. However, the ransom notes can also be straightforward, demanding a specified amount and providing a link where the payment can be made.
How to Protect Yourself?
The emergence of more and more ransomware is becoming a huge menace for the internet community, and there aren’t many ways to protect yourself once it’s in your system. Therefore, the best practice is to back up your data so that you are not at the mercy of such criminals. Several tools are available for this, such as Ransomware Protector, which keeps your data safe and secure from such threats. Even if your system is infected with ransomware, you can simply format your hard drive and retrieve your important files and programs later.