Malware group ‘nearly as successful’ as CryptoLocker authors.
Hackers behind the TorrentLocker ransomware have already patched a decryption bug found only last week, according to security firm iSight Partners.
Victims of previous iterations of the malware could decrypt their files if they had a single unencrypted backup of any of the items affected, since the key to all files could be deduced by XORing an encrypted file with its plaintext copy.
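The recovery described above, as an added example that is not code from iSight Partners or from the malware: it assumes, as the article describes, that every file was XORed with the same keystream. The keystream generator, the sample files and all function names are constructed for the demonstration.

```python
import hashlib

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """C = P xor K, so K = C xor P for every byte the known pair covers."""
    return xor_bytes(ciphertext, known_plaintext)

def decrypt_with_keystream(ciphertext: bytes, keystream: bytes):
    """Return (recovered_prefix, unrecovered_byte_count).

    Only bytes covered by the recovered keystream can be decrypted, so the
    largest available backup pair recovers the most of every other file.
    """
    covered = min(len(ciphertext), len(keystream))
    return xor_bytes(ciphertext[:covered], keystream), len(ciphertext) - covered

def _constructed_keystream(n: int) -> bytes:
    """Stand-in for the reused keystream (constructed; not the malware's)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"demo" + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def demo():
    secret = _constructed_keystream(128)          # unknown to the victim
    encrypt = lambda p: xor_bytes(p, secret)      # same keystream for every file

    # Constructed sample files: one has a surviving unencrypted backup.
    backup_plain = b"Invoice 0042: 3 widgets, total 19.99 AUD"
    short_doc = b"Meeting moved to 10am"
    long_doc = b"Dear all, the quarterly figures are attached; please review before Friday."

    ks = recover_keystream(encrypt(backup_plain), backup_plain)
    short_out, short_missing = decrypt_with_keystream(encrypt(short_doc), ks)
    long_out, long_missing = decrypt_with_keystream(encrypt(long_doc), ks)
    return short_doc, short_out, short_missing, long_doc, long_out, long_missing, len(ks)

if __name__ == "__main__":
    _, s_out, s_miss, _, l_out, l_miss, n = demo()
    print(f"keystream bytes recovered: {n}")
    print(f"short file: {s_out!r} (missing {s_miss})")
    print(f"long file:  {l_out!r} (missing {l_miss})")
```

A file longer than the backup pair is only partly recovered, which is why the largest encrypted file with a surviving clean copy is the one to use.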
Richard Hummel, senior technical intelligence analyst at iSight Partners, said: "TorrentLocker continues to be a notable threat to a wide variety of users, and the number of infections and subsequent payment of Bitcoins suggest that the malware authors are nearly as successful as the actors responsible for CryptoLocker."
A phishing page mimicking the Australian postal service is said to be the initial source of the infection, with only those accessing the site through Australian IP addresses being served with the malware.
After spreading the campaign to the UK, the hackers enabled the malware to collect emails and added a botnet, which iSight Partners believes is for tracking purposes.
"It is unclear how broadly TorrentLocker targeting will spread in the near future," Hummel added.
"While it is currently limited to Australia and the United Kingdom, it would almost certainly be trivial for the actors to expand targeting to other English-speaking countries and regions."