TorrentLocker Ransomware Spreading Fast: Report

Brandon Dimmel's picture

A new report from security firm ESET finds that the TorrentLocker ransomware scam has now encrypted an estimated 285 million files. Unfortunately, ESET security experts don't see the rate of infections dropping off any time soon.

A TorrentLocker infection, like other ransomware schemes (such as CryptoWall or CryptoLocker), usually takes place when a victim downloads a malicious file. Although the name TorrentLocker might suggest infections come through the way of torrents (a file typically used for file sharing), it does not; in fact, most TorrentLocker infections come through email.

ESET says the people behind TorrentLocker have become remarkably adept at devising spam emails that grab and hold a target's attention; this includes emails about unpaid invoices, traffic violations, and mailed packages with tracking numbers. In most cases, the emails are tailored to a target's home country, making them even more believable.

TorrentLocker Rapidly Spreading Around the World

Once the infection is set, TorrentLocker encrypts a victim's files, making it impossible for users to access them. At that point, cybercriminals behind the ransomware demand the victim pay a ransom -- usually a few hundred dollars -- to regain control of their system.

ESET's report shows that there have been just under 40,000 TorrentLocker infections around the world, representing roughly 285 million files. TorrentLocker first emerged in Australia this past August, making its rapid growth alarming to security experts. ESET's study indicates that TorrentLocker has now spread to many other countries, including Canada, the United Kingdom, Italy, Germany, France, Holland, Spain, Turkey, the Czech Republic, and Ireland.

So far there have not been any reports of TorrentLocker infections in the United States, though it's expected infections will emerge there soon. (Source:

Victims Must Pay Bitcoin Ransom to Retrieve Files

The ESET report also notes that, of the roughly 40,000 TorrentLocker victims, 570 have agreed to pay the ransom, representing a 1.4 per cent conversion rate. In most cases this ransom must be paid in Bitcoin, a virtual currency.

In one widely reported case, the computer system of Bussoleno, Italy's town council was infected by TorrentLocker. Without consulting PC security experts or law enforcement officials, the councillors paid the ransom of approximately 400 euros (or roughly $500 USD). Although the payment allowed the Bussoleno councillors access to their files, security experts do not recommend negotiating with cybercriminals. (Source:

Overall, it's estimated that the cybercriminals behind TorrentLocker have netted themselves around half a million U.S. dollars using the scam.

What's Your Opinion?

Have you or anyone you know ever encountered a ransomware scam? If so, what was the experience like? Have you noticed that spam emails, like those associated with TorrentLocker, are becoming more convincing and harder to detect?

Rate this article: 
Average: 4.9 (10 votes)


doliceco's picture

Has anyone published a list of anti-virus or anti-malware software that guards against infection by TorrentLocker? If so where can this list be found?

Dennis Faas's picture

I am unaware of such a list, but you could perhaps do a search for "torrentlocker avast" or "torrentlocker [insert antivirus here]" to find a similar page of that nature. I think the best advice to protect yourself against Torrentlocker and similar threats is to: make backups on a regular basis (disk images preferred), keep the operating system and antivirus and anti-malware up to date, and don't click on any links or file attachments you didn't ask for via email, even if you know the person. Anyone needing help setting up backups or getting windows updates, etc working is welcome to contact me via the contact form for assistance.

BikeMobile's picture

A couple of my helped-group have clicked themselves into enough malware that the conflicting malware was jamming the system like the three-stooges trying to go through a doorway together. One was so bad it corrupted the restore partition on a Windows-7 system and had to go back to the manufacturer for restoration. That operator didn't learn anything from it and still is looking for the "perfect defense" to avoid the consequences of operator error. Games in that case, but could as easily be anything that sparks an interest. As you said in your article, the worst risk is from being convinced to do something you shouldn't. No third-party prevention for that, and again as you said, backup (of user data at a minimum) and a restore system that works is the best recovery system. My weakness is Rogue Anti-malware. I have given myself a mandate to never decide to install anything I have not spent due diligence on vetting and only after refreshing my backups. Thanks for the refresher-reminders.