This is the first reported instance of a ransomware specifically targeting users in Japan.
Symantec researchers say that this ransomware is a localized variant of TorLocker.
Symantec researchers have also confirmed that there are multiple variants of this particular Japanese ransomware.
The malware uses the Rijndael algorithm for file encryption.
This particular ransom ware also works the same way with the addition that all instructions are written in Japanese.
TorLocker has been used in ransomware attacks around the world.
In return, the participants give a portion of the profit from the attack to the affiliate programs operator.
Once the file is downloaded and installed, the ransom ware gets to task encrypting the users data.
Once the malware has finished its job, this screen is shown to the user.
The message then asks the user to pay to make it unlock their files.
Japan is fast approaching its new years holiday which is an opportune time for the cybercriminals to strike.
The attacker probably wants to make the most use of unsuspecting users browsing the internet.
Symantec has the following recommendations to avoid or mitigate ransomware infections:
Read More
source: www.techworm.net
