Torrentlocker ransomware Removal Guide

Do you know what the Torrentlocker ransomware is?

Torrentlocker is the latest ransomware infection that possesses some of the characteristics of CryptoLocker and CryptoWall. However, the Torrentlocker ransomware has completely new underlying code, which makes this threat unique. It is still unknown whether the infection is being traded on the underground forums, where more sophisticated malware is available to the cyber criminals. Nevertheless, it is crucial to back up personal information on a regular basis so that the data can be restored whenever it is necessary.

The Torrentlocker ransomware encrypts various files and displays a ransom warning which require that a certain amount of money be paid using the Bitcoin electronic currency. The malicious threat is capable of encrypting over 100 file types, including .ptx, .jpg, .doc, .txt, .adb, .cmt, .cib, and .ndd. It is important to note, that, unlike other data encryption programs, the Torrentlocker ransomware connects to a command-and-control (C&C) server and downloads a certificate and the configuration files, and only then the encryption begins. Files are encrypted only when there is an active Internet connection.

Moreover, instead of encoding files in RSA-2048, the Torrentlocker ransomware use the Rijndael algorithm, which is a symmetric cipher.

The infection and valuable details about the encryption reside in the Windows Registry, where the original binary, the message, autorun key, and some other encryption-related details are located.

It has been observed that the Torrentlocker ransomware is aimed at Australia-based computer users because the ransom fee is presented in Australian dollars (AUD). The victim is provided with two options. First, he or she has to buy decryption software for 500 AUD, which is 0.8 BTC. Another option is the same decryption program but it can be purchased later for 1000 AUD.

In order to make a money transaction, the user has to register his/her Bitcoin wallet, acquire the required from a certain Bitcoin seller, and send the money to the attacker’s Bitcoin wallet. In order to urge the victim to pay up, the ransom warning indicates the total number of the encrypted files.

Before paying for the decryption of the files, the user is provided with a chance to restore one file for free.

Similarly to the Cryptolocker ransomware, the Torrentlocker infection allows the victim to contact the attackers via a contact form and also read the FAQ page.

In order to restore your data, you need a specific password, which differs on every computer. It is crucial to remove the infection, and we advise you against paying the money required because you cannot be sure whether you will regain access to your files. As mentioned above, it is important to create new data backups. If your computer is still malware-free and you want to be certain that you can browse the Internet safely, you should install a reputable malware and spyware removal program as soon as you can.

In non-techie terms:

Torrentlocker is a data encryption program that enters the computer via spam emails. In order to prevent computer infections, keep the computer protected against malware and spyware.