The current state of ransomware: TorrentLocker
With this in mind, SophosLabs threat researchers James Wyke and Anand Ajjan recently released a comprehensive and well-written paper titled The Current State of Ransomware, giving their expert assessment of the most recent variants, how they work, and what individuals and companies can do to stay safe.
We began our series of posts on this research with a look at CryptoWall, one of the most common ransomware families. Now we'll take a closer look at TorrentLocker, a family of file-encrypting ransomware that is spread almost exclusively through spam email campaigns and is notable for being highly geographically targeted: both the initial lures and the ransom notes are localized to the region being targeted, and the number of regions found to have been targeted by TorrentLocker is not inconsiderable.
TorrentLocker is named after a registry key that early versions created during execution, but it usually calls itself "CryptoLocker" in an attempt to trade on the brand recognition of the original, genuine CryptoLocker. It also goes a step further than most ransomware families in helping to propagate itself, by harvesting email addresses from the victim's machine.
TorrentLocker infections almost always begin with a spam email. We have seen spam campaigns with the TorrentLocker executable attached directly to the message, and others carrying an attached Office document with an embedded macro that downloads and runs the TorrentLocker executable.
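The two delivery methods just described (a Windows executable attached directly, or an Office document whose macro acts as a downloader) are easy to triage at the mail gateway. The following is an added example written for this post, not SophosLabs code or anything shipped with the paper; it uses only the Python standard library. It parses a constructed sample message, classifies each attachment by magic bytes rather than trusting the file extension (spam commonly renames a `.scr` payload to look like a PDF), and detects a macro in an OOXML document by the presence of a `vbaProject.bin` part inside the zip container. The sample email, the fake PE header and the minimal `.docm`/`.docx` containers are all constructed inline for illustration; the UTF-16 `_VBA_PROJECT` check for legacy OLE2 files is a heuristic, not a full parser.

```python
"""Attachment triage for the two TorrentLocker delivery methods: an attached
executable, or an Office document carrying a downloader macro.  Added example
(not Sophos code); all sample data below is constructed for illustration."""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default as default_policy

MZ_MAGIC = b"MZ"                                   # PE executable (.exe/.scr/.pif ...)
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/.xlsm) is a zip
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
FLAGGED = {"executable", "executable-extension", "office-macro", "office-legacy-macro"}


def classify_attachment(filename, data):
    """Return a verdict string for one attachment body (magic bytes first)."""
    name = (filename or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if data.startswith(MZ_MAGIC):
        return "executable"                  # body is a PE file, whatever it is called
    if ext in EXEC_EXTENSIONS:
        return "executable-extension"        # script/exe name but not a PE body
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "corrupt-zip"
        # OOXML keeps VBA in word/, xl/ or ppt/ as vbaProject.bin
        if any(n.endswith("vbaProject.bin") for n in names):
            return "office-macro"
        return "office-clean"
    if data.startswith(OLE2_MAGIC):
        # Heuristic: compound-file directory entries hold stream names in
        # UTF-16LE, so a VBA project leaves this string in the raw bytes.
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            return "office-legacy-macro"
        return "office-legacy-clean"
    return "other"


def triage_message(raw):
    """Parse a raw RFC 5322 message and return (filename, verdict, flagged) per attachment."""
    msg = email.message_from_bytes(raw, policy=default_policy)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_content()
        if isinstance(payload, str):         # text/* attachments come back as str
            payload = payload.encode("utf-8", "replace")
        verdict = classify_attachment(filename, payload)
        results.append((filename, verdict, verdict in FLAGGED))
    return results


def make_ooxml(with_macro):
    """Constructed minimal OOXML container, optionally with a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 32)
    return buf.getvalue()


def make_sample_email():
    """Constructed spam-style message with three attachments of differing risk."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Outstanding penalty notice"
    msg.set_content("Please see the attached notice.")
    # fake PE header with a double extension, as seen in executable-attachment spam
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="notice.pdf.scr")
    msg.add_attachment(make_ooxml(True), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="notice.docm")
    msg.add_attachment(make_ooxml(False), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="cover_letter.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict, flagged in triage_message(make_sample_email()):
        print(f"{'BLOCK ' if flagged else 'allow '}{filename}: {verdict}")
```

The verdicts are deliberately coarse: anything flagged should be quarantined for analyst review rather than delivered, and a legacy OLE2 document that trips the heuristic deserves a proper macro extraction before a final decision.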
The spam messages show a higher level of grammatical correctness than typical malicious spam, with few if any spelling errors, which suggests that a native speaker of the targeted language most likely wrote them. Figure 1 shows a spam message aimed at Australian victims, crafted to look like an email from the Australian Office of State Revenue.