TorLocker ransomware variant targets Japanese users

Ransomware attacks are nothing new, and we have previously noted many ransomware attacks by cyber criminals. Cyber criminals mostly target users in the US, the UK and Japan. The holiday season is under way, and it is a good time for cyber criminals to find victims, because during the holidays users browse the internet for shopping and other things.

Symantec's security team has found another ransomware variant in the wild, designed to target users who speak Japanese. The threat in question is a localized variant of TorLocker. The malware encrypts files with certain file extensions on the compromised computer and demands that the user pay in order to decrypt the files.

TorLocker has been used many times in ransomware attacks around the world. The threat is part of an affiliate program, where the program's operator gives participants the builder to create custom ransomware, access to the TorLocker control panel to track infections, and miscellaneous files to be used in conjunction with the malware. In return, the participants give a portion of the profit from the attack to the affiliate program's operator.

This TorLocker variant mainly reaches Japanese users through compromised websites. In one case, a recently compromised site owned by a Japanese publishing company redirected traffic to several domains hosting the Rig exploit kit. This may have ultimately served the ransomware as a payload.

In another case in late November, a blog site was compromised to display a fake Adobe Flash Player installer page. When users click the yellow install button, an executable setup file is downloaded that is not actually an Adobe product. After the downloaded executable is installed on the computer, it encrypts certain files and displays a message in Japanese in a popup window, stating that the computer has been locked. The message then asks the user to pay in order to unlock their files. The demanded ransom ranges from 40,000 yen to 300,000 yen (approximately US$500 to US$3,600).

How to Prevent it?
With the holidays under way, this is the best time for attackers, so be careful while shopping online or doing any other work online. Check the URL and the SSL indicator shown with it. Symantec has the following recommendations to avoid or mitigate ransomware infections:
  • Update the software, operating system, and browser plugins on your computer to prevent attackers from exploiting known vulnerabilities.
  • Use comprehensive security software, such as Norton Security, to protect yourself from cyber criminals.
  • Regularly back up any files stored on your computer. If your computer has been compromised with ransomware, then these files can be restored once the malware is removed from the computer.
  • Never pay the ransom. There’s no guarantee that the attacker will decrypt the files as promised once they receive payment.