TorrentLocker (aka Cryptolocker) is back and farming credentials as well.

After taking some time off, Cryptolocker appears to be back in a very aggressive campaign, and it has some new ‘features’. It’s sent via Word docs with a PowerShell script, infects and spreads via shared files, and it’s also grabbing credentials as well.

Right now it appears to be targeting Europe, especially Italy, but we need to keep our eyes open regardless of where we live.

 

 

Leave a Reply