TorrentLocker Ransomware
Posted: August 19, 2014
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 1,881 |
| First Seen: | August 19, 2014 |
| Last Seen: | June 29, 2021 |
| OS(es) Affected: | Windows |
The TorrentLocker Ransomware is a new file encryptor Trojan whose campaign is believed to be targeting Australian residents through disguised e-mail files. Like the CryptoWall Ransomware or CryptoLocker, whose components the TorrentLocker Ransomware borrows, the TorrentLocker Ransomware modifies file data on your PC to make the files unreadable, thereafter demanding a BitCoin ransom in exchange for reversing the attack. As an alternative to rewarding its creators for their bad behavior, malware researchers would recommend using file backups to ignore the consequences of these attacks, and anti-malware products to remove the TorrentLocker Ransomware from any infected PCs.
The TorrentLocker Ransomware: the File Lock-Up that's not as Tight as You'd Think
The TorrentLocker Ransomware is a clear example of threat authors taking other authors' work for personal use, and the TorrentLocker Ransomware even presents itself as a variant of the 'CryptoLocker Virus' in its ransom messages. This misleading message is most likely an effort to make victims believe that their files suffer from encryption by a strong algorithm that would be difficult to break, as opposed to the Rijndael algorithm in use by the TorrentLocker Ransomware. In spite of the relative weakness of Rijndael, malware experts have noted evidence of the TorrentLocker Ransomware rotating the passwords used for its file-encrypting attacks, which may make a reversal of its effects by third-party utilities difficult.
The TorrentLocker Ransomware's attacks begin with disguised executable files that are distributed through e-mail messages, most likely as fake invoices and delivery notification messages. Because of the use of Australian domains and currencies in the TorrentLocker Ransomware's ransom messages, malware researchers find Australian residents to be in the greatest danger of the TorrentLocker Ransomware attacks, although the TorrentLocker Ransomware is not necessarily regionally specific in terms of its code. Despite borrowing separate modules of both the CryptoWall Ransomware and CryptoLocker, two similar ransomware families, the TorrentLocker Ransomware's internal code is independent and is verifiable as a separate threat.
Protecting Your Computer from the Latest in File Lockers
The TorrentLocker Ransomware is coded to make contact with a remote server prior to initializing its file-encrypting attack. Because of this weakness, PCs that lack Internet connections will not have their files encrypted. Ordinarily, scanning suspicious e-mail files with appropriate security software also should identify the TorrentLocker Ransomware's mislabeled EXE files and similar threat droppers. Detecting the TorrentLocker Ransomware after its installation may be complicated by its injection into the normal Windows process of explorer.exe. For PCs that already have had their files compromised by the TorrentLocker Ransomware, malware researchers find it simplest to recommend restoring the files from a remote backup source, such as a USB device or cloud storage server.
The TorrentLocker Ransomware may not show any new functions that would make the TorrentLocker Ransomware an innovative example of a file locker Trojan. Nonetheless, its dearth of creativity doesn't translate into the TorrentLocker Ransomware being an ignorable PC threat, and its attacks are just as easily capable of depriving you of access to Word documents, image files or audio files, as some examples of potentially affected data. As a final reminder, malware experts find no advantage to paying the BitCoin ransom that the TorrentLocker Ransomware demands, due to the general lack of trustworthiness regarding ill-minded persons keeping their word about restoring encrypted files.
Technical Details
File System Modifications
The following files were created in the system:
%WINDIR%\SysWOW64\lsassw86s.exe
Registry Modifications
Regexp file mask
%WINDIR%\system32\lsassw86s.exe
%WINDIR%\SysWOW64\lsassw86s.exe
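The file mask above can be applied to file-creation events during triage. The following is an added example, not code from this page or from SpyHunter: the log format, the sample events and the function names are constructed for illustration, and only the two `lsassw86s.exe` paths come from the page.

```python
import re

# From the page's file mask: %WINDIR%\system32\lsassw86s.exe and
# %WINDIR%\SysWOW64\lsassw86s.exe.
DROPPED_NAME = "lsassw86s.exe"
SYSTEM_DIRS = {"system32", "syswow64"}
WINDIR_VARS = {"%windir%", "%systemroot%"}

# Constructed sample: "timestamp|creating process|created file" per line.
SAMPLE_EVENTS = r"""
2014-08-19T10:02:11|C:\Users\amy\Downloads\invoice.exe|C:\Windows\System32\LSASSW86S.EXE
2014-08-19T10:02:12|C:\Users\amy\Downloads\invoice.exe|%WINDIR%\SysWOW64\lsassw86s.exe
2014-08-19T10:05:40|C:\Windows\servicing\TrustedInstaller.exe|C:\Windows\System32\lsass.exe
2014-08-19T10:07:03|C:\Program Files\7-Zip\7z.exe|D:\samples\lsassw86s.exe
2014-08-19T10:09:55|C:\tools\setup.exe|E:\WINNT\system32\lsassw86s.exe
""".strip()


def classify(path):
    """Return 'mask' for a full file-mask hit, 'name-only' when only the
    file name matches, or None. Windows paths are case-insensitive."""
    parts = path.strip().strip('"').replace("/", "\\").lower().split("\\")
    if parts[-1] != DROPPED_NAME:
        return None  # the genuine lsass.exe ends up here
    root = parts[:-2]
    # %WINDIR% is not always C:\Windows: accept the variable itself or any
    # directory sitting directly under a drive root.
    in_windir = (len(root) == 1 and root[0] in WINDIR_VARS) or (
        len(root) == 2 and re.fullmatch(r"[a-z]:", root[0]) is not None
    )
    if len(parts) >= 3 and parts[-2] in SYSTEM_DIRS and in_windir:
        return "mask"
    return "name-only"


def triage(log_text):
    """Return (timestamp, creator, path, verdict) for each matching event."""
    hits = []
    for line in log_text.splitlines():
        timestamp, creator, path = line.split("|", 2)
        verdict = classify(path)
        if verdict:
            hits.append((timestamp, creator, path, verdict))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```

A `mask` hit matches the locations listed on this page; a `name-only` hit is the same file name elsewhere, such as a quarantined or extracted copy.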