TorrentLocker developers patch error

In a twist of irony and a role reversal, the authors of TorrentLocker malware have patched an error that allowed their victims to retrieve files without paying a ransom.

The malware, which was discovered in August by researchers at iSight, was originally aimed at users in Australia but has expanded its focus to targets in the U.K.   However, researchers at Nixu recently discovered that TorrentLocker used the same keystream for all file encryption, making it possible for users to reclaim their files without ponying up payment, according to a blog post from Sans Institute.

The blog warned that “one of the most important things is not to use the keystream more than once,” noting researchers “were able to recover the keystream used to encrypt those files by simply applying XOR between the encrypted file and the plaintext file.” The malware's author's have since patched TorrentLocker.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.