Saturday, 6 September 2014

ESET Ireland warns of a new ransomware threat



ESET Ireland warns of a new ransomware threat that is spreading among UK internet users, coming in the form of fake Royal-Mail package-tracking and asking for 350 GBP to decrypt locked files.



Three weeks ago a new Ransomware encrypting victims’ documents was discovered and named TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing. In August, only Australians were targeted with fake Australian Post emails.



While tracking this new threat, ESET researchers found the malicious gang is targeting new victims. Internet users from the United Kingdom should be aware thatfake Royal Mail package-tracking pages are online and distributing TorrentLocker.



It is interesting to note that the fake Royal Mail page will only show if the visitor is from the UK. Filtering seems to be based on the IP address of the request. If the request does not come from a UK IP address, the victim will be redirected togoogle.com.



Once TorrentLocker infects a computer, the victims’ documents are encrypted and they are asked for a ransom of 350 GBP if paid within 72 hours or 700 GPB otherwise. Payment is done via Bitcoin transaction (1.19 BTC or 2.38 BTC). The Bitcoin wallet that is associated with collecting the ransom money for this and other similar scams, has collected over 40 million USD since March.



Visit ESET Ireland’s blog for the full story including screenshots of the latest threat.