TorrentLocker infections surge in Australia, New Zealand
A phishing campaign spreading the malware has been making the rounds with malicious messages either pretending to be penal notices from the New South Wales government or veiling themselves as shipping information from the Australia Post, according to TrendMicro researchers.
Links within the messages direct users to malicious pages that ask them to download files by entering CAPTCHA codes that then download the malicious ZIP files from file-hosting service SendSpace.
Once files are opened, the malware activates and communicates with the command-and-control servers, encrypts the users files, and "deletes a shadow copy" of the compromised machine, which prevents victims from restoring files from a back-up.
Experts believe that 98.28 percent of recipients in the campaign are from Australia.