- Jan 24, 2011
- 9,378
The handlers of TorrentLocker file-encrypting ransomware started to move their operation from Australia and are currently sending fraudulent emails to users in Europe, those in the United Kingdom being the most targeted.
Historically, Australia was the country where most TorrentLocker attacks were recorded, but security researchers observed that spam campaigns delivering this piece of malware have decreased in the region.
Cybercriminals are now focusing their operation on countries like the UK (33.48%), Turkey (21.44%), the United States (14.60%), Italy (10.85%) and Germany (6.38%), according to telemetry data from Trend Micro. Other countries are also affected, with Spain and Poland also being on the list.
Same lure works in other countries
The method of compromise does not differ from what has been seen in Australia. The victim receives an email claiming to be from a utility company or a parcel delivery entity (courier, post), and is instructed to download a file of interest from a provided link.
The URL leads to a spoofed website version of the organization and asks them to solve a captcha, for credibility. Once the file is downloaded and launched, the system is infected with TorrentLocker, which begins its file encryption routine. Trend Micro says that many of the victims are from the healthcare sector.
Emails distributed to users in the UK purport to be from British Gas or government bodies like the Home Office or the Ministry of Justice.
Read more: http://news.softpedia.com/news/torrentlocker-ransomware-wants-to-gain-some-pounds-485901.shtml