TorrentLocker ransomware earns criminals up to £34m in bitcoin in eight months
A cyber-crime gang behind one of the fastest-growing pieces of ransomeware has earned $40m since March this year.
TorrentLocker is a piece of ransomware which locks down victims' computers demanding payment in bitcoin to decrypt files or risk losing them forever.
Researchers from security firm Eset have tracked the bitcoin wallet being used to store the ransoms, and since March over 82,000 bitcoins have been deposited in the wallet.
Estimating how much people paid for those bitcoin is difficult however, as the price of bitcoin in that time has fluctuated from a high of over £420 to a low of £203, giving you a range of between £16 million and £34m, with the true total likely lying somewhere in the middle at around £25m.
TorrentLocker is one of a number of pernicious pieces of malware known as ransomware, including CryptoLocker and CryptoWall, which infect computers, encrypt the files on the hard disk and demand a ransom in order to remove the encryption.
TorrentLocker was first uncovered in August by iSight Partners and was seen to be targeting the UK and Australia, but has since expanded its reach to target more countries including Italy, Czech Republic, Germany, and Turkey.
Royal Mail phishing emails
Speaking in Eset's headquarters in Bratislava, security researcher Robert Lipovsky said that the campaign was quite sophisticated with the cryptography aspect of the malware "done quite well", using AES with 256-bit keys, and those keys are stored on a remote sever meaning there is no way of decrypting the victim's files.
Eset is set to publish an extensive report on the development of TorrentLocker next week.
The typical way TorrentLocker is spread is through phishing emails, and in the UK these are tailored to look like they come from the Royal Mail.
The email tells you there is a package on the way and to get the track-and-trace information you need to visit a specific website and download a file.
The email looks relatively authentic as does the website to which you are directed, meaning that a lot of people expecting delivery of a package will be tricked.
While some ransomware displays a message to users suggesting the computer has been locked by the police or some other law enforcement authority, TorrentLocker does, simply telling victims that there files have been locked using CryptoLocker and they need to pay a ransom.
The ransom needs to be paid in bitcoin to take advantage of the cryptocurrency's anonymous features. The criminals have even provided a quick guide to help those who have never used bitcoin before about setting up a wallet and how to purchase some bitcoin.
© Copyright IBTimes 2024. All rights reserved.