It 's been quiet since 2015 , but TorrentLocker has suddenly returned . And this time it wants to steal Attack.Databreach your passwords too . Cybercriminals are always adding new malicious tricks to ransomware . A ransomware variant which has been relatively inactive for almost two years is back , and this time it 's stealing Attack.Databreach user credentials from victims in addition to demanding a ransom Attack.Ransom to unencrypt locked files . TorrentLocker -- also known as Cryptolocker -- started targeting Windows users in 2014 before dropping off by the summer of 2015 . Like the majority of ransomware schemes , TorrentLocker spreads via spam email messages containing malicious attachments . Rising Bitcoin prices force Cryptolocker ransomware scammers to drop asking price Attack.Ransom Bitcoin 's wild fluctuations have forced a price update to the Cryptolocker ransomware . If the victim enables the macros by choosing to 'Enable Editing ' , a PowerShell code is executed and the ransomware is downloaded , encrypting the victims ' files until they pay a ransom Attack.Ransom . But that is n't where the malicious activity ends , because as noted by cybersecurity researchers at Heimdal Security , this incarnation of TorrentLocker has new features , including the ability to spread itself to other computers via shared files ; something which could see the ransomware taking over a whole network in a very short space of time . In addition to holding networks to ransom Attack.Ransom , the new version of TorrentLocker also harvests Attack.Databreach usernames and passwords from infected computers , putting businesses at risk of cyberespionage and data breaches Attack.Databreach , while users could see their personal or financial information leaked Attack.Databreach and sold to cybercriminals on the dark web . The researchers warn that the revived TorrentLocker campaign is `` very aggressive '' and that many well known antivirus software products have n't been updated to protect against it , even days after the campaign began . Heimdal Security warns users in its native Denmark that they 're being highly targeted by TorrentLocker . Indeed , it appears that European internet users are the main target for those behind the campaign , as Microsoft told BleepingComputer that Italy is by far the most targeted by the perpetrators .