Ransomware campaign spoofing Swedish Telco Telia

 

According to Heimdal Security, malware from the TorrentLocker family has been used to attack Telia customers in Sweden.


This campaign features highly targeted attacks that use email spam with localized emails and ransom notes, affecting only Swedish customers of Telia so far.

The spam email messages include a link that points to compromised websites where a captcha code is displayed. If the victim successfully fills out the captcha, the TorrentLocker payload will be downloaded.

As soon as the malicious code is run, it will connect to the attackers' C&C server and send private information, certificates and contact details that will be used in future spam campaigns.

TorrentLocker then encrypts all the files it has access to and displays a ransom note.

Antivirus detection is still not satisfactory: the malware is detected by only 19 of the 57 AV solutions included in VirusTotal.com.

Source: https://heimdalsecurity.com/blog/torrentlocker-spoofs-telia-ransomware-attack/