::Trend Micro Threat Resource Center::

13 January 2015

Researchers measure reach of Australian TorrentLocker variant


Security researchers recorded more than 10,000 web hits related to versions of the TorrentLocker malware tailored to Australian audiences during a single month of monitoring last year.

TorrentLocker is a strain of malware that encrypts users' files and forces victims to pay a ransom in bitcoins in order to receive a key to decrypt them.

The base price in Australia is $598, but the ransomware threatens to double the price in 96 hours. Payment takes place through the Tor anonymity service.

TorrentLocker identifies itself as CryptoLocker, which is a separate piece of malware that operates in a similar fashion.

Security vendor Trend Micro and Deakin University researchers monitored local TorrentLocker activity in November last year and registered more than 10,000 hits from Australia relating to the malware.

The level of traffic to TorrentLocker-related addresses was obtained by studying a sample from the Trend Micro Web Reputation Service (WRS) and Smart Protection Network.

TorrentLocker phishing emails and destination URLs impersonated Australia Post and NSW's Office of State Revenue.

"This strain of CryptoLocker tailored for Australian victims started in the second half of 2014, and continued up to Christmas Eve," Jon Oliver, a senior threat researcher at Trend Micro Australia, said in a statement.

"The outbreaks have stopped for the New Year break, but will almost certainly continue in the New Year."

"These attacks are technically sophisticated and specifically aimed at Australians and have been significantly increasing since July with an enormous impact on businesses and individuals," said Deakin University's Professor Yang Xiang.

Full report available for download here.