Crypto-ransomware rarely means good news for targets, but when it comes to TorLocker malware (detected as Trojan-Ransom.Win32.Scraper by Kaspersky Lab), the victims can decrypt most of the encrypted files without parting with their hard-earned cash.
Initially used to target Japanese users, later variants of the malware were also aimed at English speakers. Despite a few code changes, the file encryption algorithm remained the same.
"Our analysis has shown that Trojan-Ransom.Win32.Scraper was presumably written in assembler, which is unusual for this type of malware. The Trojan uses the Tor network to contact its 'owners' – something that is apparently becoming a norm for the new generation of ransomware – and the proxy server polipo," Kaspersky Lab researchers explain.