New TorrentLocker (Crypt0L0cker) variant released that Encrypts files with the .ENC Extension


Petrovic

TorrentLocker is a ransomware that has been around since August of 2014, but had its greatest distribution in early to mid 2015.  With its largest distribution campaigns targeting Netherlands, Italy, and Australian victims, TorrentLocker was quickly overshadowed by ransomware infections such as CryptoWall and TeslaCrypt.

It comes as a surprise that we see a new campaign and variant of TorrentLocker that encrypts victim's files with the .ENC extension. First spotted by Emsisoft security researcher xXToffeeXx, this particular distribution campaign is using SPAM emails that pretend to be bills from the Italian energy company Enel.  These emails will contain an attachment called ENEL_BOLLETA.zip, which contains a JS file called ENEL_BOLLETA.js.

ENEL_BOLLETTA.ZIP File


When the JS file is executed, it will download the TorrentLocker executable, save it to the %Temp% folder, and execute it.  Once executed, it will encrypt the computer's data and append the .ENC extension to encrypted files as shown below.

Encrypted Files


It will then display a randomly named ransom note that provides instructions on how to access the TorrentLocker payment site.

Ransom Note


While this particular sample seems to be targeting Italian victims, there are most likely other campaigns targeting other countries.

Article source

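Added example, not part of the original post or the quoted article: a mail-gateway style check for the delivery method described above, a ZIP attachment whose payload is a script file such as ENEL_BOLLETA.js. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows Script Host (or the shell) runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def triage_zip_attachment(data: bytes) -> dict:
    """Return a verdict for one ZIP attachment given as raw bytes."""
    result = {"verdict": "pass", "scripts": [], "reason": ""}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Unparseable archives cannot be inspected, so hold them for review.
        result.update(verdict="quarantine", reason="not a readable ZIP")
        return result
    with archive:
        files = [i for i in archive.infolist() if not i.is_dir()]
        for info in files:
            # Only the final suffix decides what Windows runs
            # (e.g. "bill.pdf.js" is still a script).
            ext = PurePosixPath(info.filename.replace("\\", "/")).suffix.lower()
            if ext in SCRIPT_EXTS:
                result["scripts"].append(info.filename)
        if result["scripts"]:
            result["verdict"] = "quarantine"
            only = len(result["scripts"]) == len(files)
            result["reason"] = ("archive contains only script files" if only
                                else "archive contains script files")
    return result

def make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory (name -> content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples; the .js body is a harmless placeholder comment.
    lure = make_zip({"ENEL_BOLLETA.js": "// placeholder"})
    benign = make_zip({"report/summary.txt": "hello"})
    for label, blob in (("lure", lure), ("benign", benign), ("junk", b"xx")):
        print(label, triage_zip_attachment(blob))
```
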



What's with the o? Maybe these guys weren't f0r that l0ng in sch00l that they assume o equals 0. Oh well.



Archived

This topic is now archived and is closed to further replies.
