Ransomware is nothing new to Japan. It is actually one of the regions highly affected by ransomware worldwide, although until now no ransomware attack had specifically targeted Japanese users. In recent weeks, however, a new ransomware has been observed in the wild that specifically targets users in Japan.
TorLocker in Japan
Researchers have found that a new, localized version of TorLocker, a piece of malware connected to CryptoLocker, has been developed to affect Japanese users as part of a program operated by cyber criminals. This type of malware is designed to encrypt system files with certain extensions and keep them locked until victims pay a ransom. The ransom demanded after an attack is known to be in the range of $500 – $3600 or €400 – €2900.
The TorLocker malware is thought to be part of a bigger scheme. Researchers believe that it is based on a malware-building toolkit able to create customized ransomware programs. TorLocker has an option for control panel access, which the actual operators of the program can grant to crooks in exchange for a percentage of the ransom the thieves receive.
How TorLocker Spreads
The researchers think that the most common way of spreading the ransomware is through compromised websites, most of which host blogs. It is also possible for the crooks to rent an exploit kit to attack machines. In this case they take advantage of system vulnerabilities.
In one case, TorLocker was distributed by a compromised website advertising a free Adobe Flash Player download. Users who fall for this trick are served an uncertified file which doesn’t even have the typical Adobe logo. This could be a clear sign that the downloaded file might be compromised.
Protect Yourself and Your Computer
Once the crooks breach the system and the file encryption process has been performed, a message in Japanese requesting the ransom in Bitcoin is shown to the user.
Security experts advise victims not to pay the ransom demanded, because the crooks might not be able to decrypt the files at all. Another reason to ignore their request is to stop this type of cyber crime: once the thieves stop getting money out of ransomware, the attacks will significantly decrease.
The best protection against these attacks is to avoid compromised websites and not to download files with suspicious content. A safe plan of action is to create a backup of your system, or at least of your most important data. That way, the files can be restored once the system is cleaned.