TorrentLocker ransomware infects thousands of computer systems in Australia
23 December 2014
Alert Priority Moderate
Businesses and individuals are advised to protect themselves against ransomware amid reports a notorious version has infected thousands of computer systems in Australia and around the world.
Recommended steps include using spam filters and exercising caution when opening emails with attachments and visiting websites; using a reputable security product; regularly updating and patching operating systems and applications; frequently scanning your computer; using strong and unique passwords; and – most importantly − backing up your data regularly and keeping the copy in a safe place disconnected from your computer or network.
A recent report from security researchers detailed changes over the last few months of the TorrentLocker ransomware, which is used to extort payment from victims by encrypting files on a computer system and demanding a ransom for the key to unlock the files.
Security researchers ESET found TorrentLocker had infected at least 39,000 computer systems worldwide, including more than 9,000 in Australia, and the people behind the malware may have received the equivalent of up to US$585,000 in Bitcoins – a virtual currency – as ransom.
According to ESET, users may be infected when they open a spam email that suggests they open a so-called ‘document’. This ‘document’ is a malicious, executable file that will install TorrentLocker, encrypting files on the user’s computer. The subjects of messages used to trick users include unpaid invoices, unpaid speeding tickets and package tracking notifications.
Malicious individuals are reported to have created several bogus websites purporting to represent organisations such as Australia Post and the NSW Office of State Revenue to deceive businesses and individuals into downloading the malware.
TorrentLocker also steals the address book from email clients on the infected machine, most likely for use during the next spam campaign.
The research reinforces the importance of using offline backups to limit any damage caused by the ransomware. ‘TorrentLocker cannot alter the content of files that are not connected to the infected machine,’ the researchers say. ‘However, be aware that if your backup is always connected to your computer, or on a network drive that is always connectable, the malware will also encrypt that content.’
Stay Smart Online published a recent alert about ransomware which is available here.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.