Computer Security Threats

Posted by: Bob Bayn on Sep 11, 2014

Another Ransomware Scam Bites the Dust

Close on the heels of CryptoLocker and CryptoWall came the new ransomware called TorrentLocker.

Ransomware is malware that you might get in an email attachment or a drive-by download from an infected website. It will encrypt some or all of the files stored on your computer and then offer to sell you the decryption key. The key can often be obtained for a few hundred dollars, in a credit card transaction or Bitcoin. Sometimes, even after you pay the ransom, the key will not decrypt your files. If your computer gets infected by well-crafted ransomware, then your only hope is to have a recent backup of all the files you don't want to lose.

Researchers have discovered that the developers of TorrentLocker took some shortcuts that render their encryption less secure. A way has been discovered to reverse-engineer the decryption key if an unencrypted copy of at least one file remains. The file must be bigger than about 2MB for the reversal to work.
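To see why one surviving original file can be enough, and why its size matters, here is a small recovery sketch added for illustration; it is not code from the researchers or from the malware. It assumes the shortcut is a single keystream XORed over the first 2 MB of every file (this post does not describe the mechanism), and the toy keystream generator and all file contents are constructed.

```python
import hashlib

REGION = 2 * 1024 * 1024  # assumption: only the first 2 MB of each file is encrypted


def toy_keystream(secret: bytes, length: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode); constructed for this demo only."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(secret + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    n = min(len(a), len(b))
    return (int.from_bytes(a[:n], "big") ^ int.from_bytes(b[:n], "big")).to_bytes(n, "big")


def flawed_encrypt(data: bytes, keystream: bytes) -> bytes:
    """Model of the flaw: every file is XORed with the SAME keystream."""
    head = data[:REGION]
    return xor(head, keystream) + data[len(head):]


def recover_keystream(known_plain: bytes, known_cipher: bytes) -> bytes:
    """plaintext XOR ciphertext = keystream, for as many bytes as the known file has."""
    return xor(known_plain[:REGION], known_cipher[:REGION])


def recover_file(cipher: bytes, keystream: bytes):
    """Return (best-effort plaintext, encrypted bytes that could not be recovered)."""
    encrypted_len = min(len(cipher), REGION)
    usable = min(encrypted_len, len(keystream))
    return xor(cipher[:usable], keystream) + cipher[usable:], encrypted_len - usable


def demo() -> dict:
    ks = toy_keystream(b"constructed-secret", REGION)
    victim = bytes(range(256)) * 12000               # constructed ~3 MB file, no backup
    backups = {"small": b"A" * 500_000,              # surviving original under 2 MB
               "large": b"B" * (3 * 1024 * 1024)}    # surviving original over 2 MB
    locked = flawed_encrypt(victim, ks)
    results = {}
    for name, original in backups.items():
        recovered = recover_keystream(original, flawed_encrypt(original, ks))
        plain, missing = recover_file(locked, recovered)
        results[name] = (plain == victim, missing)
    return results


if __name__ == "__main__":
    print(demo())
```

With the small backup the recovered keystream runs out before the encrypted region does, so part of the victim file stays locked; the larger backup covers the whole region.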

This is good news for recent victims of TorrentLocker.  But the announcement has put the developers of TorrentLocker on alert to improve their encryption for the future.  Next month's TorrentLocker victims probably won't be so lucky.

Even if you are an Internet Skeptic, sooner or later you'll hit a drive-by download that could deliver a successful ransomware, so your best defense is maintaining separate backups of all the files that you don't want to lose: documents, photos, etc. Back up to a removable hard drive or to the cloud. You have lots of choices; any of them would be better than doing nothing.

Many details here are taken from Researchers unlock TorrentLocker encryption.

Followup [September 18]:

The creators of TorrentLocker have fixed their encryption problems.  As a result their malware is a greater threat.  Details of their "improvements" can be found at: Encryption goof fixed in TorrentLocker file-locking malware.