A new report from security firm ESET finds that the TorrentLocker ransomware scam has now encrypted an estimated 285 million files. Unfortunately, ESET security experts don't see the rate of infections dropping off any time soon.

A TorrentLocker infection, like other ransomware schemes (such as CryptoWall or CryptoLocker), usually takes place when a victim downloads a malicious file. Although the name TorrentLocker might suggest infections come through the way of torrents (a file typically used for file sharing), it does not; in fact, most TorrentLocker infections come through email.

ESET says the people behind TorrentLocker have become remarkably adept at devising spam emails that grab and hold a target's attention; this includes emails about unpaid invoices, traffic violations, and mailed packages with tracking numbers. In most cases, the emails are tailored to a target's home country, making them even more believable.

TorrentLocker Rapidly Spreading Around the World

Once the infection is set, TorrentLocker encrypts a victim's files, making it impossible for users to access them. At that point, cybercriminals behind the ransomware demand the victim pay a ransom -- usually a few hundred dollars -- to regain control of their system.

ESET's report shows that there have been just under 40,000 TorrentLocker infections around the world, representing roughly 285 million files. TorrentLocker first emerged in Australia this past August, making its rapid growth alarming to security experts. ESET's study indicates that TorrentLocker has now spread to many other countries, including Canada, the United Kingdom, Italy, Germany, France, Holland, Spain, Turkey, the Czech Republic, and Ireland.

So far there have not been any reports of TorrentLocker infections in the United States, though it's expected infections will emerge there soon. (Source: pcworld.com)

Victims Must Pay Bitcoin Ransom to Retrieve Files

The ESET report also notes that, of the roughly 40,000 TorrentLocker victims, 570 have agreed to pay the ransom, representing a 1.4 per cent conversion rate. In most cases this ransom must be paid in Bitcoin, a virtual currency.

In one widely reported case, the computer system of Bussoleno, Italy's town council was infected by TorrentLocker. Without consulting PC security experts or law enforcement officials, the councillors paid the ransom of approximately 400 euros (or roughly $500 USD). Although the payment allowed the Bussoleno councillors access to their files, security experts do not recommend negotiating with cybercriminals. (Source: techworld.com)

Overall, it's estimated that the cybercriminals behind TorrentLocker have netted themselves around half a million U.S. dollars using the scam.

What's Your Opinion?

Have you or anyone you know ever encountered a ransomware scam? If so, what was the experience like? Have you noticed that spam emails, like those associated with TorrentLocker, are becoming more convincing and harder to detect?