TorrentLocker is a family of file-encrypting ransomware first observed in late 2014, that is almost exclusively distributed through spam email campaigns. The ransomware is noteworthy for targeting specific geographic areas, mainly victims in the United States.

TorrentLocker uses AES to encrypt a wide variety of file types before a payment in bitcoins is demanded. It also goes a step further than most ransomware families by harvesting email addresses from the victim’s machine in order to further spread itself. The ransomware is named after a registry key that early variants created during execution.

According to Eset, data gathered from TorrentLocker’s command and control servers indicate approximately 285 million documents have been encrypted to date.

The indicators of compromise (IOCs) to be blocked are for TorrentLocker's distribution sites and command and control servers.

ThreatSTOP customers are protected from TorrentLocker.