
TorrentLocker Ransomware

Posted: August 19, 2014

Threat Metric

Threat Level: 10/10
Infected PCs: 1,881
First Seen: August 19, 2014
Last Seen: June 29, 2021
OS(es) Affected: Windows


The TorrentLocker Ransomware is a new file encryptor Trojan whose campaign is believed to be targeting Australian residents through disguised e-mail files. Like the CryptoWall Ransomware or CryptoLocker, whose components the TorrentLocker Ransomware borrows, the TorrentLocker Ransomware modifies file data on your PC to make the files unreadable, and then demands a Bitcoin ransom in exchange for reversing the attack. As an alternative to rewarding its creators for their bad behavior, malware researchers recommend using file backups to recover from these attacks, and anti-malware products to remove the TorrentLocker Ransomware from any infected PCs.

The TorrentLocker Ransomware: the File Lock-Up that's not as Tight as You'd Think

The TorrentLocker Ransomware is a clear example of threat authors taking other authors' work for personal use, and the TorrentLocker Ransomware even presents itself as a variant of the 'CryptoLocker Virus' in its ransom messages. This misleading message is most likely an effort to make victims believe that their files suffer from encryption by a strong algorithm that would be difficult to break, as opposed to the Rijndael algorithm in use by the TorrentLocker Ransomware. In spite of the relative weakness of Rijndael, malware experts have noted evidence of the TorrentLocker Ransomware rotating the passwords used for its file-encrypting attacks, which may make a reversal of its effects by third-party utilities difficult.

The TorrentLocker Ransomware's attacks begin with disguised executable files that are distributed through e-mail messages, most likely as fake invoices and delivery notification messages. Because of the use of Australian domains and currencies in the TorrentLocker Ransomware's ransom messages, malware researchers consider Australian residents to be in the greatest danger of the TorrentLocker Ransomware attacks, although the TorrentLocker Ransomware is not necessarily regionally specific in terms of its code. Despite borrowing separate modules of both the CryptoWall Ransomware and CryptoLocker, two similar ransomware families, the TorrentLocker Ransomware's internal code is independent and is verifiable as a separate threat.

Protecting Your Computer from the Latest in File Lockers

The TorrentLocker Ransomware is coded to make contact with a remote server prior to initializing its file-encrypting attack. Because of this weakness, PCs that lack Internet connections will not have their files encrypted. Ordinarily, scanning suspicious e-mail files with appropriate security software should also identify the TorrentLocker Ransomware's mislabeled EXE files and similar threat droppers. Detecting the TorrentLocker Ransomware after its installation may be complicated by its injection into the normal Windows process of explorer.exe. For PCs that already have had their files compromised by the TorrentLocker Ransomware, malware researchers find it simplest to recommend restoring the files from a remote backup source, such as a USB device or cloud storage server.
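
The check below is an added example, not code from this page or from any security product: it shows how a mail gateway or triage script can spot the mislabeled executables described above by inspecting content instead of trusting the file name. The extension lists, the size limit and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}  # run directly by Windows
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}  # assumed decoy list
MAX_MEMBER_BYTES = 32 * 1024 * 1024  # assumed cap: skip oversized archive members

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a 'PE' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def findings(name: str, data: bytes, depth: int = 0) -> list:
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if is_pe(data) and last not in EXECUTABLE_EXTS:
        reasons.append(f"{name}: PE content behind '{last}' extension")
    if last in EXECUTABLE_EXTS and any(s in DECOY_EXTS for s in suffixes[:-1]):
        reasons.append(f"{name}: decoy extension before '{last}'")
    if depth < 2 and data[:2] == b"PK" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                # Encrypted members cannot be read, but their names are still visible.
                payload = b"" if info.flag_bits & 0x1 else archive.read(info)
                for reason in findings(info.filename, payload, depth + 1):
                    reasons.append(f"{name} -> {reason}")
    return reasons

def constructed_pe_stub() -> bytes:
    """Constructed 68-byte sample: just enough header for is_pe(), not a runnable program."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(header) + b"PE\0\0"

def constructed_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed in-memory archive holding a single member."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(member_name, payload)
    return buffer.getvalue()
```

Calling `findings("parcel.zip", constructed_zip("delivery_notice.pdf.exe", constructed_pe_stub()))` reports the archived member by name, which is the case an extension-only filter on the outer attachment misses.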

The TorrentLocker Ransomware may not show any new functions that would make the TorrentLocker Ransomware an innovative example of a file locker Trojan. Nonetheless, its dearth of creativity doesn't translate into the TorrentLocker Ransomware being an ignorable PC threat, and its attacks are just as easily capable of depriving you of access to Word documents, image files or audio files, as some examples of potentially affected data. As a final reminder, malware experts find no advantage to paying the Bitcoin ransom that the TorrentLocker Ransomware demands, due to the general lack of trustworthiness regarding ill-minded persons keeping their word about restoring encrypted files.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values are newly created:

Regexp file mask:
%WINDIR%\system32\lsassw86s.exe
%WINDIR%\SysWOW64\lsassw86s.exe
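
As an added example (not part of the original page), the following Python matches the two file masks above against file-creation events. The key=value event lines are constructed and simplified (EventID 11 is Sysmon's FileCreate), and the "name-only" match for the same file name in other folders is an assumption that goes beyond the listed masks.

```python
import re

# File masks as listed on this page; %WINDIR% is expanded per host.
PAGE_MASKS = (r"%WINDIR%\system32\lsassw86s.exe", r"%WINDIR%\SysWOW64\lsassw86s.exe")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events (simplified key=value rendering, not real telemetry).
CONSTRUCTED_EVENTS = [
    r'2014-08-19T02:11:07Z EventID=11 Image="C:\Users\alice\Downloads\invoice.exe" TargetFilename="C:\Windows\System32\lsassw86s.exe"',
    r'2014-08-19T02:11:09Z EventID=11 Image="C:\Users\alice\Downloads\invoice.exe" TargetFilename="\\?\C:\WINDOWS\SysWOW64\lsassw86s.exe"',
    r'2014-08-19T02:12:30Z EventID=11 Image="C:\Windows\System32\svchost.exe" TargetFilename="C:\Windows\System32\lsass.exe.mui"',
    r'2014-08-19T02:13:02Z EventID=11 Image="C:\Program Files\7-Zip\7z.exe" TargetFilename="C:\Users\alice\AppData\Local\Temp\lsassw86s.exe"',
    r'2014-08-19T02:13:40Z EventID=1 Image="C:\Windows\explorer.exe" CommandLine="explorer.exe"',
]

def normalise(path, windir=r"C:\Windows"):
    """Expand %WINDIR%/%SystemRoot%, drop the long-path prefix, unify slashes and case."""
    p = path.strip().strip('"').replace("/", "\\")
    if p.startswith("\\\\?\\"):
        p = p[4:]
    p = re.sub(r"%(windir|systemroot)%", lambda _: windir, p, flags=re.I)
    return re.sub(r"\\+", r"\\", p).lower()

def hits(lines, windir=r"C:\Windows"):
    """Return file-creation events (EventID 11) whose target matches the page's masks."""
    masks = {normalise(m, windir) for m in PAGE_MASKS}
    names = {m.rsplit("\\", 1)[-1] for m in masks}
    found = []
    for line in filter(str.strip, lines):
        event = {k: v.strip('"') for k, v in FIELD.findall(line)}
        target = normalise(event.get("TargetFilename", ""), windir)
        if event.get("EventID") != "11" or not target:
            continue
        if target in masks:
            kind = "page-mask"
        elif target.rsplit("\\", 1)[-1] in names:
            kind = "name-only"  # same file name outside the listed folders (weaker signal)
        else:
            continue
        found.append({"time": line.split()[0], "kind": kind,
                      "image": event.get("Image", "?"), "target": event["TargetFilename"]})
    return found

if __name__ == "__main__":
    for hit in hits(CONSTRUCTED_EVENTS):
        print(hit)
```

Pass the host's actual Windows directory as `windir` when it is not `C:\Windows`; otherwise the mask comparison silently degrades to name-only matches.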