TorrentLocker (aka Cryptolocker) is back and farming credentials as well.

After taking some time off, Cryptolocker appears to be back in a very aggressive campaign, and it has some new ‘features’. It’s sent via Word docs with a PowerShell script, infects and spreads via shared files, and it’s also grabbing credentials as well.

Right now it appears to be targeting Europe, especially Italy, but we need to keep our eyes open regardless of where we live.

 

 


Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply