Australian and New Zealand businesses and individuals are being targeted by extortionists using a new strain of ransomware, Deakin University researchers working with security vendor TrendMicro have discovered.
Called TorrentLocker, the malware is spread by social engineering emails with penalty notices that ask users to visit bogus Australia Post and NSW Office of State Revenue websites for payment.
A compressed file is downloaded from the fake websites and executed on victims' machines to deploy the TorrentLocker malware.
Users are then given four days (96 hours) to pay A$598 to unlock their systems, or the ransom will double. Payments are to be made in Bitcoin, and researchers said the criminals use a chain of transfers to make the transactions difficult to trace, and use the anonymising The Onion Router (Tor) network to transmit details.
Once payment has been made, the criminals send decryption software to victims. The decryption software only works on a specific, infected machine. Using it on another infected system will destroy files and render them unusable, researchers said.
While the malware identifies itself as CryptoLocker, which also encrypts data, locks users out of their systems and demands a ransom, the researchers say the present spate of TorrentLocker infections is completely different from the former attack.
The researchers believe that the TorrentLocker malware adopts the CryptoLocker moniker to exploit fear of the well-known ransomware, which in 2013 was used to attack tens of thousands of computers throughout the world.
Deakin Uni and TrendMicro conducted the research during November last year, and counted around 10,000 web (HTTP/HTTPS protocol) transactions related to the TorrentLocker malware.
Half of these were confirmed as malicious, while the other half were rated as suspicious by the researchers.
The researchers did not identify who they believed was behind the TorrentLocker attacks or where the attackers were located.