A Copycat Of CryptoLocker Has Appeared In The Wild

Another group has made a copycat of CryptoLocker, and they’ve gone so far as to even use the CryptoLocker name.  Although recently some users are now seeing the infection as TorrentLocker, perhaps the original creators of CryptoLocker are feeling territorial about use of their name.  Beyond stealing the name and being a ransomware infection, these two infections are not the same.

This new CryptoLocker works to encrypt all of your data and renames the files with a .encrypted file extension; although this version does not delete shadow volume copies which in some cases can be used to recover files. You then receive a ransom note, so to speak, giving you a link to purchase the decryption key for your files.  The cost for the decryption key is 1.8 Bitcoins and interestingly is posted as AUD, Australian currency.  1.8 Bitcoins may seem like an odd amount, but at the time of this CryptoLocker’s release it was equal to 1,000 AUD.

Upon clicking the link you’re sent to a website that, at least in some screen shots, provides a Buy It Now price and a Buy It Later price as well as the total number of files encrypted.  Clearly wanting to make sure you are able to buy the decryption key you are also offered information on how to register a Bitcoin wallet and how to purchase Bitcoins.


This infection is using a static Bitcoin address so anyone can go see the payment activity associated with those purchasing the decryption key.  As of this morning total Bitcoins received stands at 77.52790304 BTC or roughly $36,876 USD since late August.

The cyber criminals haul is over $35k USD in just over 2 weeks.  Looking at booty like that and it should become clear to everyone why this kind of crime isn’t going anywhere and why having a quality enterprise backup solution is a must have for any business.

Call or email Top Speed today to learn what an Enterprise Backup Solution will do to protect your company’s valuable data. 775-852-1811 or info@tsis.net



Leave a Reply

Your email address will not be published.

Back to top