Name | TorrentLocker |
Type | Crypto Ransomware |
Encryption Type | 256-bit AES key encrypted with RSA; uses the Rijndael algorithm |
Short Description | It enters the system through spam e-mails. Once inside Windows, it starts to encrypt the victim's files and finally demands a ransom in bitcoins through Tor. |
Symptoms | This ransomware follows a complicated evasion technique so that it cannot be tracked or detected through scans. It slows down the performance of the system because it consumes a lot of CPU, freezes the display, and increases the number of pop-ups displayed on the system. |
Distribution Method | The distribution method is the same as for CryptoLocker and other TorrentLocker variants; TorrentLocker uses a technique similar to CryptoLocker's. |
More Details | Once downloaded, it installs itself on the victim's device and also downloads many other files, which are Trojans and other malicious things. Once the downloading is done, it starts to scan the files on the device, but it targets only the specific file types it is programmed for. Once this scan is completed, the encryption process starts, and files with the following extensions are encrypted: *.wb2,*.psd,*.p7c,*.p7b,*.p12,*.pfx,*.pem,*.crt,*.cer,*.der, *.pl,*.py,*.lua,*.css,*.js,*.asp,*.php,*.incpas,*.asm,*.hpp, *.h,*.cpp,*.c,*.7z,*.zip,*.rar,*.drf,*.blend,*.apj,*.3ds, *.dwg,*.sda,*.ps,*.pat,*.fxg,*.fhd,*.fh,*.dxb,*.drw,*.design, *.ddrw,*.ddoc,*.dcs,*.csl,*.csh,*.cpi,*.cgm,*.cdx,*.cdrw, *.cdr6,*.cdr5,*.cdr4,*.cdr3,*.cdr,*.awg,*.ait,*.ai,*.agd1, *.ycbcra,*.x3f,*.stx,*.st8,*.st7,*.st6,*.st5,*.st4,*.srw, *.srf,*.sr2,*.sd1,*.sd0,*.rwz,*.rwl,*.rw2,*.raw,*.raf,*.ra2, *.ptx,*.pef,*.pcd,*.orf,*.nwb,*.nrw,*.nop,*.nef,*.ndd,*.mrw, *.mos,*.mfw,*.mef,*.mdc,*.kdc,*.kc2,*.iiq,*.gry,*.grey,*.gray, *.fpx,*.fff,*.exf,*.erf,*.dng,*.dcr,*.dc2,*.crw,*.craw,*.cr2, *.cmt,*.cib,*.ce2,*.ce1,*.arw,*.3pr,*.3fr,*.mpg,*.jpeg,*.jpg, *.mdb,*.sqlitedb,*.sqlite3,*.sqlite,*.sql,*.sdf,*.sav,*.sas7bdat, *.s3db,*.rdb,*.psafe3,*.nyf,*.nx2,*.nx1,*.nsh,*.nsg,*.nsf,*.nsd, *.ns4,*.ns3,*.ns2,*.myd,*.kpdx,*.kdbx,*.idx,*.ibz,*.ibd,*.fdb, *.erbsql,*.db3,*.dbf,*.db-journal,*.db,*.cls,*.bdb,*.al,*.adb, *.backupdb,*.bik,*.backup,*.bak,*.bkp,*.moneywell,*.mmw,*.ibank, *.hbk,*.ffd,*.dgc,*.ddd,*.dac,*.cfp,*.cdf,*.bpw,*.bgt,*.acr,*.ac2, *.ab4,*.djvu,*.pdf,*.sxm,*.odf,*.std,*.sxd,*.otg,*.sti,*.sxi,*.otp, *.odg,*.odp,*.stc,*.sxc,*.ots,*.ods,*.sxg,*.stw,*.sxw,*.odm,*.oth, *.ott,*.odt,*.odb,*.csv,*.rtf,*.accdr,*.accdt,*.accde,*.accdb, *.sldm,*.sldx,*.ppsm,*.ppsx,*.ppam,*.potm,*.potx,*.pptm,*.pptx, *.pps,*.pot,*.ppt,*.xlw,*.xll,*.xlam,*.xla,*.xlsb,*.xltm,*.xltx, *.xlsm,*.xlsx,*.xlm,*.xlt,*.xls,*.xml,*.dotm,*.dotx,*.docm,*.docx, *.dot,*.doc,*.txt. During injection, the virus table holds NTDLL.DLL, SHLWAPI.DLL, WININET.DLL, MAPI32.DLL, KERNEL32.DLL, USER32.DLL, ADVAPI32.DLL, SHELL32.DLL, OLEAUT32.DLL, CRYPT32.DLL and OLE32.DLL. It uses an open-source library named LibTom to help with the encryption. |