The ransomware Torrentlocker earned the cybercriminals behind the malware more than $300,000, according to the Dutch security research company Fox-IT. The malware spreads in e-mails with track and trace codes of a fake postal company.
Cybercriminals make money with Torrentlocker because the ransomware encrypts files on their PC and requires a payment with Bitcoins to decrypt them. The criminals use seven different Bitcoin address, according to Fox-IT. Because the malware demands a $500 ransom to decrypt the files it's estimated that about 650 have become victim of Torrentlocker. Fox-IT reports that more than 4000 systems have been infected which means the majority of infected users hasn't paid the ransom.
The ransomware distributes itself by searching for e-mail addresses in Thunderbird, Outlook and Windows Live Mail. It also looks for credentials to login to mail accounts. The malware then sends mails to its victims containing a link to a track and trace page of a fake postal service. After a Captcha has been solved the site offers a .ZIP file containing an executable file masked as a PDF. As soon as that file is executed the ransomware starts to encrypt the files.
Torrentlocker made victims all over the world but the majority of the infected systems appears to be in Austrialia. Fox-IT states it's looking for a method to decrypt the files without paying.
