![]() ![]() Targeted countries include Australia, Austria, Canada, Czech Republic, Italy, Ireland, France, Germany, Netherlands, New Zealand, Spain, Turkey, United Kingdom. Researchers suspected that TorrentLocker was from the same family as Hesperbot banking malware. In 2014, the malicious coders behind TorrentLocker generated about $300,000 in ransom payments. Average payment was up to 4.081Bitcoins (approximately US$1500), as reported by researchers at ESET. Typically, TorrentLocker encrypted the victim’s files via AES-256 encryption algorithm and requested a payment in Bitcoin. It got its name from a blog post by iSIGHT Partners published in the summer of 2014. TorrentLocker is also known as Win32/Filecoder.DI. The creators of this ransomware family have been seen to impersonate CryptoLocker and apply its name on the ransom message and the payment website. CryptoLocker Copycat Number Three: TorrentLocker Hence, the key to decrypt the encrypted files was on the affected system. Windows CryptoAPI, however, is ‘equipped’ with several aberrations that, obviously, were not known by CryptoDefense’s creators – it creates local copies of the RSA keys on the victim’s compute. CryptoDefense employed the Windows CryptoAPI application. The main difference between the two ransomware pieces is that CryptoLocker generated the RSA encryption and decryption keys on the Command & Control server. However, that claim later turned out to be untrue. ![]() It pretended to use the RSA-2048 encryption algorithm, claiming that once encrypted, the user’s files would no longer be accessible. Similar to CryptoLocker, CryptoDefense was distributed primarily via spam email campaigns. Learn More about PClock Ransomware CryptoLocker Copycat Number Two: CryptoDefense Ransomware ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |