Creator Fixes TorrentLocker Encryption After Researchers Unlock It
Earlier this month, security researchers shared some good news with end users who had their computer files encrypted by TorrentLocker: they found a way to decrypt the files without paying the ransom.
The ability to decrypt files without paying was due to mistakes made by TorrentLocker’s creator – a detailed explanation can be read on the SANS DFIR blog.
TorrentLocker is ransomware that, like all the others, encrypts files and displays a message to the victim demanding that they pay a fee to have their files restored.
Interestingly enough, the message screen presented to the user claims that they are infected by the infamous CryptoLocker and not TorrentLocker. It’s believed that the creator did this to play off CryptoLocker’s popularity – and its reputation for having unbreakable encryption. (Side note: CryptoLocker victims can restore their files, but that’s because authorities took out the Gameover ZeuS botnet.)
In any case, a TorrentLocker decryptor was born. TorrentLocker victims could use it to decrypt files encrypted by TorrentLocker as long as they had both the original and encrypted version of a file that was over 2MB in size.
Everything was fine and dandy, until…
TorrentLocker Creator Updates Ransomware
It seems that the miscreant behind TorrentLocker has corrected their mistakes, and users can no longer use the TorrentLocker decryptor to get their files back.
There is a chance that files can be restored using the data recovery tools R-Studio or PhotoRec because of the way this new TorrentLocker variant deletes original files. However, please be advised that the more your PC is used, the harder it will be to recover those files.
Protect Your Data – Back It Up!
Backing up your computer data is now more important than ever.
It’s been nearly a year since we first wrote about CryptoLocker, and it’s been followed by a series of knockoffs – CryptoWall, CryptoDefense, Critoni, Locker and now TorrentLocker. Clearly the threats are not going to stop, so make sure you have a disaster recovery plan in place. Back up your data!