The Australian Federal Police, Australia Post, and New Zealand Post are among several organisations across 22 countries targeted by TorrentLocker, a crypto-ransomware, according to ESET researchers.
TorrentLocker displays a page claiming that a “document” should be downloaded. If it is in fact downloaded and opened, the malware is then executed.
According to ESET, this current version of TorrentLocker is extremely localised, and victims are provided with information in their own languages and their own currency.
Nick Fitzgerald, ESET senior research fellow, says these newer TorrentLocker variants have really upped the ante.
“Earlier variants, just like other crypto-ransomware, encrypted files of specific types, as determined by their filename extension,” he says.
“The recent variants turn that approach on its head, encrypting all files except for a few types necessary to allow the system to keep working after the file system has been encrypted,” explains Fitzgerald.
“This new approach to encrypting nearly all files on a system will have ramifications for the kind of backups needed to properly restore a system that has been encrypted by TorrentLocker.”
He says that, as always, unexpected offers, and especially claims of criminal behaviour, that are received by email should be treated with great skepticism.
“Should you have been expecting such an email anyway, rather than clicking the links in the email, enter the homepage address of the organisation in your browser’s address bar, or visit it via one of your own bookmarks, and follow the options provided at the site to locate your reputedly ‘missing’ parcel, ‘unpaid fine’, etc., using the apparent reference number from the email,” he explains.
To protect yourself and avoid being infected by ransomware, including TorrentLocker, Fitzgerald advises you to follow these 11 tips:
“Ransomware is very active in Australia and New Zealand and will be increasingly targeting users moving forward,” says Fitzgerald.
“Users shouldn’t panic when encountering these kinds of situations, and should follow best practices to retrieve their data. Proactive prevention and protection can significantly reduce the risks and impact of malware and ransomware attacks.”